Re: [Qemu-devel] [RFC] Next gen kvm api

[Anthony Liguori]

On 02/07/2012 07:18 AM, Avi Kivity wrote:
> On 02/07/2012 02:51 PM, Anthony Liguori wrote:
> > On 02/07/2012 06:40 AM, Avi Kivity wrote:
> > > On 02/07/2012 02:28 PM, Anthony Liguori wrote:
> > > > > It's a potential source of exploits
> > > > > (from bugs in KVM or in hardware). I can see people wanting to be
> > > > > selective with access because of that.
> > > >
> > > > As is true of the rest of the kernel.
> > > >
> > > > If you want finer grain access control, that's exactly why we have things like
> > > > LSM and SELinux. You can add the appropriate LSM hooks into the KVM
> > > > infrastructure and setup default SELinux policies appropriately.
> > >
> > > LSMs protect objects, not syscalls. There isn't an object to protect here
> > > (except the fake /dev/kvm object).
> >
> > A VM can be an object.
>
> Not really, it's not accessible in a namespace. How would you label it?

Labels can originate from userspace, IIUC, so I think it's possible for QEMU (or 
whatever the userspace is) to set the label for the VM while it's creating it. 
I think this is how most of the labeling for X and things of that nature works.

Maybe Chris can set me straight.

> Maybe we can reuse the process label/context (not sure what the right term is
> for a process).

Regards,

Anthony Liguori

>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/