> Why does Proxmox run KVM process as root? Only for simplicity. It would need a careful audit to see what features are broken if we run as non-root.
> Running KVM as a non-root user would be much more secure, a flaw allowing > code execution on the host would be limited by the user account. > For added security running each KVM process as a unique user would prevent an > exploit in one guest from accessing virtual disks of another guest provided > proper permissions were also applied to the vm disk files/devices. Would be great if somebody helps to analyze those issues in more detail. Some volunteers here? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
