On 05/28/2010 10:46 AM, Cole Robinson wrote: >> Leaving qemu privileged means that a compromised guest can exploit the >> privileges and do damage to the hypervisor; is it worth adding >> additional comments warning the user about the lack of security inherent >> in clearing the option? >> > > How about > > # If clear_emulator_capabilities is enabled, libvirt will drop all > # privileged capabilities of the QEmu/KVM emulator. This is enabled by # > default. > # > # Warning: Disabling this option means that a compromised guest can > # exploit the privileges and possibly do damage to the host.
Sounds good to me with that wording. -- Eric Blake [email protected] +1-801-349-2682 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
