On Wed, Sep 3, 2008 at 4:27 PM, Thomas Lockney <[EMAIL PROTECTED]> wrote: > On Wed, 2008-09-03 at 12:39 -0500, Charles Duffy wrote: >> Would it not address your security concerns to build a modular kernel, >> load the current kvm module, and then drop CAP_SYS_MODULE as part of >> your boot scripts? > > Seems that this could be less than ideal if you're providing the VMs as > hosts for clients (perhaps in a VPS-type situation).
the module loading and capability dropping would be done at host boot, not guests -- Javier -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
