Also in Fedora 12, /dev/kvm has mode 0666 out of the box, allowing qemu:///session uses to use KVM acceleration.
The libvirt security architecture that deals with sVirt is modular allowing arbitrary security plugins. The Ubuntu devs have got an impl using AppArmour. It would also be possible to write an impl that ran each VM as a unique user ID.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds