From mboxrd@z Thu Jan 1 00:00:00 1970 From: Joerg Roedel Subject: Re: How to secret Dom0 against DomU . Date: Fri, 20 Feb 2009 17:50:16 +0100 Message-ID: <20090220165016.GJ2125@8bytes.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kvm@vger.kernel.org To: Daniel Schwager Return-path: Received: from 8bytes.org ([88.198.83.132]:55363 "EHLO 8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753397AbZBTQuS (ORCPT ); Fri, 20 Feb 2009 11:50:18 -0500 Content-Disposition: inline In-Reply-To: Sender: kvm-owner@vger.kernel.org List-ID: On Fri, Feb 20, 2009 at 05:26:22PM +0100, Daniel Schwager wrote: > Hi, > > are there some known issues using kvm-84 > - to break in into the Dom0 > - to corrupt the Dom0 > - to ... Dom0 > > Are there some thinks I have to configure in Dom0 > to safe Dom0 against DomU's ? This is absolutly no risk in KVM just because there is no Dom0. I guess you mean if there is any way to break out of a guest and hack the host. As far as I know there are no known security issue. > > My kvm-call looks like this: > > 30743 ? Sl 85:36 /usr/kvm/bin/qemu-system-x86_64 -S -M pc -m > 500 -smp 1 -name solidcam -uuid 85e73643-0f27-b995-8ecb-9042ea044dc5 > -monitor pty -pidfile /var/run/libvirt/qemu//solidcam.pid -boot c -drive > file=/srv/winxp127.dsk,if=ide,index=0,boot=on -net > nic,macaddr=ae:de:49:00:40:0e,vlan=0,model=e1000 -net > tap,ifname=vif100,script=/opt/virtcontroller/bin/qemu-ifup,vlan=0 > -serial pty -parallel none -usb -usbdevice tablet -vnc 0.0.0.0:0 > > I want to publish windows XP DomU's to (technical affine) people's - I > do not want > that they can hurt/hack our base-system. > > regards > Danny > > > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html