From: Avi Kivity <avi@redhat.com>
To: Joerg Roedel <joro@8bytes.org>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
Anthony Liguori <anthony@codemonkey.ws>,
Ingo Molnar <mingo@elte.hu>,
Pekka Enberg <penberg@cs.helsinki.fi>,
"Zhang, Yanmin" <yanmin_zhang@linux.intel.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Sheng Yang <sheng@linux.intel.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Marcelo Tosatti <mtosatti@redhat.com>,
Jes Sorensen <Jes.Sorensen@redhat.com>,
Gleb Natapov <gleb@redhat.com>,
ziteng.huang@intel.com,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Frédéric Weisbecker <fweisbec@gmail.com>,
Gregory Haskins <ghaskins@novell.com>
Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single project
Date: Wed, 24 Mar 2010 17:43:31 +0200
Message-ID: <4BAA3323.9000405@redhat.com>
In-Reply-To: <20100324153746.GF14800@8bytes.org>

On 03/24/2010 05:37 PM, Joerg Roedel wrote:
>
>> No it can't. With sVirt every single VM has a custom security label and
>> the policy only allows it access to disks / files with a matching label,
>> and prevents it attacking any other VMs or processes on the host. This
>> confines the scope of any exploit in QEMU to those resources the admin
>> has explicitly assigned to the guest.
>>
> Even better. So a guest which breaks out can't even access its own
> /sys/kvm/ directory. Perfect, it doesn't need that access anyway.
>
>
But what security label does that directory have? How can we make sure
that whoever needs access to those files, gets them?

Automatically created objects don't work well with that model. They're
simply missing information.

--
error compiling committee.c: too many arguments to function