Dor Laor wrote:
Jamie Lokier wrote:
Dor Laor wrote:
What I meant is that if we allow the guest to change his MAC address, it can deliberately change it to other hosts'/guests' MAC and thus create networking problems.
Although the guest can always mangle packets, maybe it is worth enforcing these MACs for the guest.
Although it can create network problems, sometimes it is also wanted.
I think if you want to restrict the guest's ability to break the network by changing its MAC, it would be appropriate to have an option to completely lock down the MAC so the guest can't change its MAC at all.
That's what I was shooting for.
One example where this can be helpful is when kvm is used to run virtual servers in a computing farm like Amazon. You wouldn't like a VM owner to mess up your network.
Restricting the MAC address won't help. The guest can still forge the
link layer address and/or the IP layer addresses.
This needs to be addressed by netfilter.
--
error compiling committee.c: too many arguments to function
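
An added example, not part of the original message or of KVM/QEMU code: one way the netfilter-side filtering mentioned in the reply could look, as an nftables bridge-family ruleset generated per guest. The function names, the table and chain names, `tap0`, the MAC and the IP are constructed, and a statically addressed IPv4 guest is assumed.

```shell
#!/bin/sh
# Added example. Emits an nftables bridge-family ruleset that pins one guest's
# tap interface to a single source MAC and IPv4 address, checking the Ethernet
# header, the ARP payload and the IP header. Assumes a statically addressed
# guest (a DHCP client sending from 0.0.0.0 would be dropped); IPv6 frames are
# only checked for their source MAC.

# True only if $1 is a single line that fully matches the ERE in $2.
_ok() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] &&
        printf '%s\n' "$1" | grep -Eqx -- "$2"
}

vm_antispoof_ruleset() {
    tap=$1 mac=$2 ip=$3
    # Syntactic validation before the values are interpolated into the ruleset.
    _ok "$tap" '[A-Za-z0-9_.-]{1,15}' ||
        { echo "bad interface name" >&2; return 1; }
    _ok "$mac" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' ||
        { echo "bad MAC address" >&2; return 1; }
    _ok "$ip" '([0-9]{1,3}\.){3}[0-9]{1,3}' ||
        { echo "bad IPv4 address" >&2; return 1; }
    # prerouting sees frames from the tap whether they are bridged onward
    # or addressed to the host itself.
    cat <<EOF
table bridge vm_antispoof {
    chain guest_in {
        type filter hook prerouting priority 0; policy accept;
        iifname "$tap" ether saddr != $mac drop
        iifname "$tap" ether type arp arp saddr ether != $mac drop
        iifname "$tap" ether type arp arp saddr ip != $ip drop
        iifname "$tap" ether type ip ip saddr != $ip drop
    }
}
EOF
}

# Constructed sample values; on the host the output would be piped to `nft -f -`.
vm_antispoof_ruleset tap0 52:54:00:12:34:56 192.0.2.10
```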