On Tue, 7 Jun 2016, Tian, Kevin wrote:
> > I think of QEMU as a provider of complex, high level emulators, such as
> > the e1000, Cirrus VGA, SCSI controllers, etc., which don't necessarily
> > need to be fast.
> 
> Earlier you said Qemu imposes security issues. Here you said Qemu can 
> still provide complex emulators. Does it mean that security issue in Qemu
> simply comes from the part which should be moved into Xen? Any
> elaboration here?

It imposes security issues because, although it doesn't have to run as
root anymore, QEMU still has to run with fully privileged libxc and
xenstore handles. In other words, a malicious guest breaking into QEMU
would have relatively easy access to the whole host. There is a design
to solve this, see Ian Jackson's talk at FOSDEM this year:

https://fosdem.org/2016/schedule/event/virt_iaas_qemu_for_xen_secure_by_default/
https://fosdem.org/2016/schedule/event/virt_iaas_qemu_for_xen_secure_by_default/attachments/other/921/export/events/attachments/virt_iaas_qemu_for_xen_secure_by_default/other/921/talk.txt

Other solutions to solve this issue are stubdoms or simply using PV
guests and HVMlite guests only.

Irrespective of the problematic security angle, which is unsolved, I
think of QEMU as a provider of complex emulators, as I wrote above.

Does it make sense?

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
