From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tomasz Chmielewski <mangoo@wpkg.org>
Subject: Re: How to secret Dom0  against DomU .
Date: Fri, 20 Feb 2009 19:20:27 +0100
Message-ID: <499EF46B.4050008@wpkg.org>
References: <EB31672367A401439CD5A4A10889D57B01297453@exchange.dtnet.de> <20090220165016.GJ2125@8bytes.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Daniel Schwager <Daniel.Schwager@dtnet.de>, kvm@vger.kernel.org
To: Joerg Roedel <joro@8bytes.org>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx03.syneticon.net ([78.111.66.105]:57391 "EHLO
	mx03.syneticon.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750948AbZBTSUV (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 20 Feb 2009 13:20:21 -0500
In-Reply-To: <20090220165016.GJ2125@8bytes.org>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Joerg Roedel schrieb:
> On Fri, Feb 20, 2009 at 05:26:22PM +0100, Daniel Schwager wrote:
>> Hi,
>>
>> are there some known issues using kvm-84 
>> 	- to break in into the Dom0
>> 	- to corrupt the Dom0
>> 	- to ... Dom0
>>
>> Are there some thinks I have to configure in Dom0
>> to safe Dom0 against DomU's ?
> 
> This is absolutly no risk in KVM just because there is no Dom0. I guess
> you mean if there is any way to break out of a guest and hack the host.
> As far as I know there are no known security issue.

He may also want to prevent guest from accessing the host via network.

Place the guest in a different VLAN, attach to a different bridge etc.


-- 
Tomasz Chmielewski
http://wpkg.org