From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41125) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W2kyw-0006rA-9u for qemu-devel@nongnu.org; Mon, 13 Jan 2014 12:07:30 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1W2kyn-0004PX-TB for qemu-devel@nongnu.org; Mon, 13 Jan 2014 12:07:22 -0500 Received: from mail-qc0-x230.google.com ([2607:f8b0:400d:c01::230]:51415) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W2kyn-0004PS-Hw for qemu-devel@nongnu.org; Mon, 13 Jan 2014 12:07:13 -0500 Received: by mail-qc0-f176.google.com with SMTP id e16so4367717qcx.35 for ; Mon, 13 Jan 2014 09:07:13 -0800 (PST) Message-ID: <52D41D3F.8010805@gmail.com> Date: Mon, 13 Jan 2014 12:07:11 -0500 From: "immersive.excel@gmail.com" MIME-Version: 1.0 References: <52D2EA57.7050905@gmail.com> <20140113041101.GC20389@stefanha-thinkpad.redhat.com> <52D36A12.7090004@gmail.com> <87wqi4ymji.fsf@linaro.org> In-Reply-To: <87wqi4ymji.fsf@linaro.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: Re: [Qemu-devel] chroot jailing... List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: =?UTF-8?B?QWxleCBCZW5uw6ll?= , Stefan Hajnoczi , Markus Ambruster Cc: qemu-devel@nongnu.org That's what I thought; just had to be sure. Thanks all... ======================== On 01/13/2014 09:38 AM, Alex Bennée wrote: > immersive.excel@gmail.com writes: > >> Thanks! >> >> So it sounds like you're saying selinux is the only meaningful thing to try? >> Or do people ever bother to place qemu in chroot jails?? >> >> I seem to have gotten the impression that people use qemu-static to do this, >> but it appears to be more for offering secured access of a guest folder >> to the host OS; > The qemu-static + chroot approach is mainly to avoid doing complex path > manipulation between host/guest file-systems AFAICT. > >> not so much for security... >> > >