Re: [Qemu-devel] [libvirt] live snapshot wiki updated


From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [libvirt] live snapshot wiki updated
Date: Wed, 20 Jul 2011 12:40:51 +0100

On Wed, Jul 20, 2011 at 11:28 AM, Daniel P. Berrange
<address@hidden> wrote:
> On Wed, Jul 20, 2011 at 12:15:02PM +0200, Nicolas Sebrecht wrote:
>> The 20/07/11, Daniel P. Berrange wrote:
>>
>> > To make the decision whether the filename from QEMU is valid, we have
>> > to parse the master image header data to see if the filename actually
>> > matches the backing file required by the image assigned to the guest.
>>
>> Actually, libvirt should not have to worry if the filename provided by
>> QEMU is valid. I think it should trust QEMU. If QEMU doesn't provide
>> information others can trust, it should be fixed at QEMU side.
>
> The security goal of libvirt is to protect the host from a compromised
> QEMU, therefore QEMU is, by definition, untrusted.

This is a very reasonable goal.  QEMU is constantly dealing with the
untrusted guest.  The whole point of SELinux isolation of QEMU is to
contain any compromise to a single VM and reduce the capabilities of
that process to the minimum.

libvirt needs to help set the boundaries of what the QEMU process can do.

Stefan
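One way to implement the header check Daniel describes (verify the filename QEMU reports against the backing file recorded in the image actually assigned to the guest), as an added example that is not part of this thread or of libvirt's code. It assumes the master image is qcow2 and decodes only the fixed big-endian header fields; the sample header is constructed inline.

```python
import os
import struct

QCOW2_MAGIC = b"QFI\xfb"
QCOW2_V2_HEADER_LEN = 72  # fixed part of a version-2 header


def parse_qcow2_backing_file(data: bytes):
    """Return the backing file name stored in a qcow2 header, or None if
    the image has no backing file. Raises ValueError on malformed input,
    since the header comes from a file the guest may have influenced."""
    if len(data) < QCOW2_V2_HEADER_LEN or data[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, backing_off, backing_len = struct.unpack(">IQI", data[4:20])
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    if backing_off == 0 or backing_len == 0:
        return None
    # qcow2 limits the name to 1023 bytes; also refuse offsets past the data
    if backing_len > 1023 or backing_off + backing_len > len(data):
        raise ValueError("backing file name out of bounds")
    return data[backing_off:backing_off + backing_len].decode("utf-8")


def backing_file_matches(image_path, image_bytes, reported_path):
    """True only if the path QEMU reported is the backing file the image
    header itself declares. Relative names are resolved against the
    image's directory, as QEMU does, before comparison."""
    declared = parse_qcow2_backing_file(image_bytes)
    if declared is None:
        return False
    if not os.path.isabs(declared):
        declared = os.path.join(os.path.dirname(image_path), declared)
    return os.path.normpath(declared) == os.path.normpath(reported_path)


def build_qcow2_header(backing: bytes) -> bytes:
    """Constructed sample: minimal v2 header followed by the backing name.
    Field order after backing_file_size: cluster_bits, size, crypt_method,
    l1_size, l1_table_offset, refcount_table_offset,
    refcount_table_clusters, nb_snapshots, snapshots_offset."""
    off = QCOW2_V2_HEADER_LEN if backing else 0
    fixed = QCOW2_MAGIC + struct.pack(">IQI", 2, off, len(backing))
    fixed += struct.pack(">IQIIQQIIQ", 16, 1 << 30, 0, 1,
                         0x10000, 0x20000, 1, 0, 0)
    return fixed + backing
```

A reported path that the header does not declare, for example one chosen by a compromised QEMU, is rejected rather than opened by libvirt.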
