From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: [RFC/GIT PULL] Linux KVM tool for v3.2 Date: Thu, 10 Nov 2011 11:09:45 +0200 Message-ID: <4EBB94D9.30906@redhat.com> References: <4EBB4A21.20707@codemonkey.ws> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Markus Armbruster , Pekka Enberg , Anthony Liguori , Pekka Enberg , Linus Torvalds , Andrew Morton , Ingo Molnar , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Christoph Hellwig To: Sasha Levin Return-path: In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: kvm.vger.kernel.org On 11/10/2011 11:04 AM, Sasha Levin wrote: > On Thu, Nov 10, 2011 at 10:57 AM, Markus Armbruster wrote: > > Sasha Levin writes: > > > >> On Thu, Nov 10, 2011 at 9:57 AM, Markus Armbruster wrote: > > [...] > >>> Start with a clean read/write raw image. Probing declares it raw. > >>> Guest writes QCOW signature to it, with a backing file of its choice. > >>> > >>> Restart with the same image. Probing declares it QCOW2. Guest can read > >>> the backing file. Oops. > >> > >> Thats an excellent scenario why you'd want to have 'Secure KVM' with > >> seccomp filters :) > > > > Yup. > > > > For what it's worth, sVirt (use SELinux to secure virtualization) > > mitigates the problem. Doesn't mean we couldn't use "Secure KVM". > > How does it do it do that? You have a hypervisor trying to read > arbitrary files on the host FS, no? Trying and failing. sVirt will deny access to all files except those explicitly allowed by libvirt. -- error compiling committee.c: too many arguments to function