From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: [RFC] Next gen kvm api Date: Tue, 07 Feb 2012 15:18:21 +0200 Message-ID: <4F31249D.1040700@redhat.com> References: <4F2AB552.2070909@redhat.com> <4F2C6517.3040203@codemonkey.ws> <4F302E0D.20302@freescale.com> <4F3118EA.7040302@codemonkey.ws> <4F311BBD.5050600@redhat.com> <4F311E64.10604@codemonkey.ws> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Scott Wood , linux-kernel , Eric Northup , KVM list , qemu-devel To: Anthony Liguori Return-path: In-Reply-To: <4F311E64.10604@codemonkey.ws> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org Sender: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org List-Id: kvm.vger.kernel.org On 02/07/2012 02:51 PM, Anthony Liguori wrote: > On 02/07/2012 06:40 AM, Avi Kivity wrote: >> On 02/07/2012 02:28 PM, Anthony Liguori wrote: >>> >>>> It's a potential source of exploits >>>> (from bugs in KVM or in hardware). I can see people wanting to be >>>> selective with access because of that. >>> >>> As is true of the rest of the kernel. >>> >>> If you want finer grain access control, that's exactly why we have >>> things like >>> LSM and SELinux. You can add the appropriate LSM hooks into the KVM >>> infrastructure and setup default SELinux policies appropriately. >> >> LSMs protect objects, not syscalls. There isn't an object to protect >> here >> (except the fake /dev/kvm object). > > A VM can be an object. > Not really, it's not accessible in a namespace. How would you label it? Maybe we can reuse the process label/context (not sure what the right term is for a process). -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.