Re: [RFC/GIT PULL] Linux KVM tool for v3.2
From: Sasha Levin
Date: Thu Nov 10 2011 - 04:14:57 EST
On Thu, Nov 10, 2011 at 11:09 AM, Avi Kivity <avi@xxxxxxxxxx> wrote:
> On 11/10/2011 11:04 AM, Sasha Levin wrote:
>> On Thu, Nov 10, 2011 at 10:57 AM, Markus Armbruster <armbru@xxxxxxxxxx> wrote:
>> > Sasha Levin <levinsasha928@xxxxxxxxx> writes:
>> >
>> >> On Thu, Nov 10, 2011 at 9:57 AM, Markus Armbruster <armbru@xxxxxxxxxx> wrote:
>> > [...]
>> >>> Start with a clean read/write raw image. Probing declares it raw.
>> >>> Guest writes QCOW signature to it, with a backing file of its choice.
>> >>>
>> >>> Restart with the same image. Probing declares it QCOW2. Guest can read
>> >>> the backing file. Oops.
>> >>
>> >> Thats an excellent scenario why you'd want to have 'Secure KVM' with
>> >> seccomp filters :)
>> >
>> > Yup.
>> >
>> > For what it's worth, sVirt (use SELinux to secure virtualization)
>> > mitigates the problem. Doesn't mean we couldn't use "Secure KVM".
>>
>> How does it do it do that? You have a hypervisor trying to read
>> arbitrary files on the host FS, no?
>
> Trying and failing. sVirt will deny access to all files except those
> explicitly allowed by libvirt.
It still allows the guest to read more than enough files which it
shouldn't be reading.
Unless you configure sVirt on a per-guest basis...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/