| |||||||||||||
All VMs run as the same user...All VMs run as the same user...Posted Sep 26, 2009 9:04 UTC (Sat) by avik (guest, #704)In reply to: All VMs run as the same user... by rwmj Parent article: LinuxCon: Secure virtualization with sVirt
It's safe. Access to /dev/kvm doesn't give any access to other virtual machines.
Of course, if a process has access to another process (via kill(2) or ptrace(2)) it can affect or access data belonging to that process. So if you run all virtual machines as the same user, you need to further isolate them. I believe sVirt does that with its random selinux contexts. but I'm no selinux expert.
(Log in to post comments)
All VMs run as the same user... Posted Sep 26, 2009 10:17 UTC (Sat) by rwmj (subscriber, #5474) [Link]
There you have it. Thanks Avi :-)
|
|||||||||||||