On Fri, 20 Jul 2007, Anthony Liguori wrote: > James Morris wrote: > > On Fri, 20 Jul 2007, Daniel P. Berrange wrote: > > > > > > > It could be - if your put the policy at the control API layer instead of > > > in QEMU itself. > > > > > > > Then you can bypass MAC security by invoking qemu directly. > > > > You can bypass MAC security by writing your own binary that uses the KVM > kernel interfaces.
Yep, I was thinking only about qemu. I guess you'd have OS policy preventing normal domains from accessing /dev/kvm (or /dev/lguest etc.), while a security-aware launcher would enforce access control policy over which domains could launch which disk images as VMs, and also setup the execution context & fork. So, perhaps this would be better done at the libvirt layer (i.e. make libvirt the object manager). - James -- James Morris <[EMAIL PROTECTED]> ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ kvm-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/kvm-devel
