From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: [Qemu-devel] [RFC] Next gen kvm api
Date: Tue, 07 Feb 2012 06:51:48 -0600
Message-ID: <4F311E64.10604@codemonkey.ws>
References: <4F2AB552.2070909@redhat.com>	<CAG7+5M0s_F93G3dPrRQaFMVv_hPzpd-wYEPApJUDGhh3vJuy-A@mail.gmail.com>	<4F2C6517.3040203@codemonkey.ws>	<4F302E0D.20302@freescale.com> <4F3118EA.7040302@codemonkey.ws> <4F311BBD.5050600@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Scott Wood <scottwood@freescale.com>,
	Eric Northup <digitaleric@google.com>,
	qemu-devel <qemu-devel@nongnu.org>,
	KVM list <kvm@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
To: Avi Kivity <avi@redhat.com>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <4F311BBD.5050600@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On 02/07/2012 06:40 AM, Avi Kivity wrote:
> On 02/07/2012 02:28 PM, Anthony Liguori wrote:
>>
>>> It's a potential source of exploits
>>> (from bugs in KVM or in hardware). I can see people wanting to be
>>> selective with access because of that.
>>
>> As is true of the rest of the kernel.
>>
>> If you want finer grain access control, that's exactly why we have things like
>> LSM and SELinux. You can add the appropriate LSM hooks into the KVM
>> infrastructure and setup default SELinux policies appropriately.
>
> LSMs protect objects, not syscalls. There isn't an object to protect here
> (except the fake /dev/kvm object).

A VM can be an object.

Regards,

Anthony Liguori

> In theory, kvm is exactly the same as other syscalls, but in practice, it is
> used by only very few user programs, so there may be many unexercised paths.
>