From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59920) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W2iyJ-0005p4-Pu for qemu-devel@nongnu.org; Mon, 13 Jan 2014 09:58:41 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1W2iyD-00041y-SN for qemu-devel@nongnu.org; Mon, 13 Jan 2014 09:58:35 -0500 Received: from static.88-198-71-155.clients.your-server.de ([88.198.71.155]:50654 helo=socrates.bennee.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W2ieB-0006BH-AP for qemu-devel@nongnu.org; Mon, 13 Jan 2014 09:37:47 -0500 References: <52D2EA57.7050905@gmail.com> <20140113041101.GC20389@stefanha-thinkpad.redhat.com> <52D36A12.7090004@gmail.com> From: Alex =?utf-8?Q?Benn=C3=A9e?= In-reply-to: <52D36A12.7090004@gmail.com> Date: Mon, 13 Jan 2014 14:38:25 +0000 Message-ID: <87wqi4ymji.fsf@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Subject: Re: [Qemu-devel] chroot jailing... List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "immersive.excel@gmail.com" Cc: Stefan Hajnoczi , qemu-devel@nongnu.org immersive.excel@gmail.com writes: > Thanks! > > So it sounds like you're saying selinux is the only meaningful thing to try? > Or do people ever bother to place qemu in chroot jails?? > > I seem to have gotten the impression that people use qemu-static to do this, > but it appears to be more for offering secured access of a guest folder > to the host OS; The qemu-static + chroot approach is mainly to avoid doing complex path manipulation between host/guest file-systems AFAICT. > not so much for security... > -- Alex Bennée