All VMs run as the same user...

Posted Sep 26, 2009 7:19 UTC (Sat) by rwmj (guest, #5474)
In reply to: All VMs run as the same user... by smoogen
Parent article: LinuxCon: Secure virtualization with sVirt

It's a good question. I talked to Gleb and Avi about this a few months back, and I came away with
the impression that it was safe. _However_ rereading their responses this morning, I'm now not so
sure it provides isolation between users who have VMs on the same system, so I guess I'm going to
have to dig into the code and check it myself.

Rich.

to post comments

All VMs run as the same user...

Posted Sep 26, 2009 9:04 UTC (Sat) by avik (guest, #704) [Link] (1 responses)

It's safe. Access to /dev/kvm doesn't give any access to other virtual machines.

Of course, if a process has access to another process (via kill(2) or ptrace(2)) it can affect or access data belonging to that process. So if you run all virtual machines as the same user, you need to further isolate them. I believe sVirt does that with its random selinux contexts. but I'm no selinux expert.

All VMs run as the same user...

Posted Sep 26, 2009 10:17 UTC (Sat) by rwmj (guest, #5474) [Link]

There you have it. Thanks Avi :-)