SPICE and guest breakout risk assessment

Hi,

I am currently working on testing out KVM as a platform for Whonix, a
Debian-based spin with anonymity enforcement via usage of virtual
machines. All traffic from a workstation vm is forced through a Tor
gateway on the second gateway vm. Safeguarding against high level
attacks (0days and advanced persistent threats) is our top priority and
so right now we are hammering out the details of what virtual hardware
should be attached into the vms.

In your opinion, is enabling SPICE and 2D acceleration via QXL+vdagent in
the guest a security risk to the host? Consider this question in a
scenario where the host is a Red Hat derivative that has SELinux and
seccomp enabled for QEMU. We want to find out whether this is a case of
security vs convenience.

Thanks for your time.
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel



