From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anthony Liguori Subject: Re: [RFC][PATCH 00/01]qemu VM entrypoints Date: Fri, 20 Jul 2007 15:46:18 -0500 Message-ID: <46A11F1A.2080004@codemonkey.ws> References: <20070720201101.GC12218@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: kvm-devel , Joshua Brindle , David Windsor , selinux To: James Morris Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org List-Id: kvm.vger.kernel.org James Morris wrote: > On Fri, 20 Jul 2007, Daniel P. Berrange wrote: > > >> It could be - if your put the policy at the control API layer instead of >> in QEMU itself. >> > > Then you can bypass MAC security by invoking qemu directly. > You can bypass MAC security by writing your own binary that uses the KVM kernel interfaces. Regards, Anthony Liguori > - James > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/