From: Cleber Rosa <crosa@redhat.com>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] live snapshot wiki updated
Date: Wed, 20 Jul 2011 14:34:23 -0400
Message-ID: <4E271FAF.1050007@redhat.com>
In-Reply-To: <4E26E764.80809@codemonkey.ws>

On 07/20/2011 10:34 AM, Anthony Liguori wrote:
> On 07/20/2011 08:50 AM, Cleber Rosa wrote:
>> Just as a reminder: with DAC, if a guest is compromised and somehow
>> escalates to QEMU, it could disable its isolation (ie, by setting their
>> own image files world readable). I guess we shouldn't try to fix the DAC
>> model, but fix what's preventing us from fully using MAC, even though
>> it's outside of QEMU.
>
> I don't see how a guest making its data world readable is a
> fundamental problem.
Well, if we're discussing security models and how to provide the best
isolation we can to VMs/QEMU instances, then a VM being able to read (or
even write) data of another VM *is* a fundamental problem. "setting
their own image files world readable" is just one example of how that
could be accomplished.
>
> DAC is a fundamental part of the Unix design and is something that
> administrators understand very well.
That is a true sentence, but it does not make DAC the most appropriate
solution here.
> I completely understand the value of MAC but to argue that we
> shouldn't present DAC as an option I think is fundamentally wrong.
I never said, and really don't think we shouldn't provide other security
options/models, this is actually part of the well accepted "security in
multiple layers" strategy.
I did assume, though, we were aiming for the best isolation level, and
that is definitely MAC. DAC may indeed be good enough for some, but
definitely not good enough for many others.
CR.
>
> Regards,
>
> Anthony Liguori
>
>>
>> CR.
>>
>>>
>>> Regards,
>>>
>>> Anthony Liguori
>>>
>>
>>
>
>
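
The DAC weakness discussed in this message, as an added example that is not part of the original e-mail and is not QEMU or libvirt code: the uid that owns an image file can loosen its mode without any extra privilege, so a defender has to detect the change after the fact. The file names, directory layout and the `snapshot`/`audit` helpers are assumptions made for illustration.

```python
import os
import stat
import tempfile

WORLD_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def snapshot(image_dir):
    """Map each regular file under image_dir to its (uid, gid, mode)."""
    state = {}
    for root, _dirs, files in os.walk(image_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow a symlink placed in the dir
            if stat.S_ISREG(st.st_mode):
                rel = os.path.relpath(path, image_dir)
                state[rel] = (st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return state


def audit(baseline, current):
    """Report images whose DAC state drifted or is open to other users."""
    findings = []
    for rel in sorted(current):
        uid, gid, mode = current[rel]
        if rel in baseline and baseline[rel] != (uid, gid, mode):
            old_mode = baseline[rel][2]
            findings.append((rel, "changed-since-baseline",
                             f"{oct(old_mode)} -> {oct(mode)}"))
        if mode & WORLD_BITS:
            findings.append((rel, "world-accessible", oct(mode)))
    return findings


def demo():
    """Constructed scenario: the image owner loosens its own file mode."""
    with tempfile.TemporaryDirectory() as image_dir:
        for name in ("vm1.img", "vm2.img"):  # constructed sample images
            path = os.path.join(image_dir, name)
            with open(path, "wb") as f:
                f.write(b"\0" * 512)
            os.chmod(path, 0o600)
        baseline = snapshot(image_dir)
        before = audit(baseline, snapshot(image_dir))
        # DAC permits this to the owning uid; nothing stops it at chmod time.
        os.chmod(os.path.join(image_dir, "vm1.img"), 0o644)
        after = audit(baseline, snapshot(image_dir))
    return before, after
```

Under a MAC policy the label on the image is not something the confined process can change, which is why this kind of after-the-fact audit is only needed for the DAC case.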