qemu-devel

Re: [Qemu-devel] [RFC] Device sandboxing


From: Paul Brook
Subject: Re: [Qemu-devel] [RFC] Device sandboxing
Date: Fri, 9 Dec 2011 16:17:50 +0000
User-agent: KMail/1.13.7 (Linux/3.1.0-1-amd64; KDE/4.6.5; x86_64; ; )

> A group of us are starting to work on sandboxing QEMU device emulation
> code.  We're just getting started investigating various approaches, and
> want to engage the community to gather input.
> 
> Following are the design points that we are currently considering:
> 
> * Decompose QEMU into multiple processes:
> 
>      * This could be done such that QEMU devices execute in separate
>        processes based on device type, e.g. all block devices in one
>        process and all network devices in a second process.  Another
>        alternative is executing a separate process per device.

I can't help wondering if nested virtualization would be a better solution.  
i.e. have an outer VM that only implements a trusted subset of devices. Inside 
that run a VM that provides the flakey legacy device emulation you expect to 
be compromised.

Paul


