From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:37722) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RukLj-0001Aj-Fb for qemu-devel@nongnu.org; Tue, 07 Feb 2012 07:40:49 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RukLd-0003Mc-KM for qemu-devel@nongnu.org; Tue, 07 Feb 2012 07:40:43 -0500 Received: from mx1.redhat.com ([209.132.183.28]:7000) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RukLd-0003MY-CP for qemu-devel@nongnu.org; Tue, 07 Feb 2012 07:40:37 -0500 Message-ID: <4F311BBD.5050600@redhat.com> Date: Tue, 07 Feb 2012 14:40:29 +0200 From: Avi Kivity MIME-Version: 1.0 References: <4F2AB552.2070909@redhat.com> <4F2C6517.3040203@codemonkey.ws> <4F302E0D.20302@freescale.com> <4F3118EA.7040302@codemonkey.ws> In-Reply-To: <4F3118EA.7040302@codemonkey.ws> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [RFC] Next gen kvm api List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: Scott Wood , Eric Northup , qemu-devel , KVM list , linux-kernel On 02/07/2012 02:28 PM, Anthony Liguori wrote: > >> It's a potential source of exploits >> (from bugs in KVM or in hardware). I can see people wanting to be >> selective with access because of that. > > As is true of the rest of the kernel. > > If you want finer grain access control, that's exactly why we have > things like LSM and SELinux. You can add the appropriate LSM hooks > into the KVM infrastructure and setup default SELinux policies > appropriately. LSMs protect objects, not syscalls. There isn't an object to protect here (except the fake /dev/kvm object). In theory, kvm is exactly the same as other syscalls, but in practice, it is used by only very few user programs, so there may be many unexercised paths. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.