Re: [Qemu-devel] live snapshot wiki updated

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] live snapshot wiki updated

From:	Anthony Liguori
Subject:	Re: [Qemu-devel] live snapshot wiki updated
Date:	Wed, 20 Jul 2011 09:34:12 -0500
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110516 Lightning/1.0b2 Thunderbird/3.1.10

On 07/20/2011 08:50 AM, Cleber Rosa wrote:

Just as a reminder: with DAC, if a guest is compromised and somehow
escalates to QEMU, it could disable its isolation (ie, by setting their
own image files world readable). I guess we shouldn't try to fix the DAC
model, but fix what's preventing us from fully using MAC, even though
it's outside of QEMU.

I don't see how a guest making its data world readable is a fundamentalproblem.

DAC is a fundamental part of the Unix design and is something thatadministrators understand very well. I completely understand the valueof MAC but to argue that we shouldn't present DAC as an option I thinkis fundamentally wrong.


Regards,

Anthony Liguori

CR.


Regards,

Anthony Liguori

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] live snapshot wiki updated, (continued)

Prev by Date: Re: [Qemu-devel] [RFC v4 00/58] Memory API
Next by Date: Re: [Qemu-devel] [PATCHv2] target-arm: support for ARM1176JZF-s cores
Previous by thread: Re: [Qemu-devel] live snapshot wiki updated
Next by thread: Re: [Qemu-devel] live snapshot wiki updated
Index(es):
- Date
- Thread