[Qemu-devel] chroot jailing...

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] chroot jailing...

From:	address@hidden
Subject:	[Qemu-devel] chroot jailing...
Date:	Sun, 12 Jan 2014 14:17:43 -0500
User-agent:	Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20131104 Icedove/17.0.10

Would there be any security benefits, without suffering any considerable
relative loss in performance, to (chroot) jailing qemu? Can it,
practically speaking, be done?? Would that be a partial safeguard
against virtual machine escapes? Or is it the case that if a virtual
machine escape takes place, then all bets are probably off? (i.e., you
probably have already pole-vaulted over any filesystem driver/partition
access control mechanisms...) Are there any articles or discussions that
I can be directed to about it? (my focus for now is 64 bit, Intel core
i7...) Are there specific suggestions and/or guidelines for attempting
to do so -or not??

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] chroot jailing..., address@hidden <=
- Re: [Qemu-devel] chroot jailing..., Stefan Hajnoczi, 2014/01/12
  - Re: [Qemu-devel] chroot jailing..., address@hidden, 2014/01/12
    - Re: [Qemu-devel] chroot jailing..., Markus Armbruster, 2014/01/13
    - Re: [Qemu-devel] chroot jailing..., Alex Bennée, 2014/01/13
    - Re: [Qemu-devel] chroot jailing..., address@hidden, 2014/01/13

Prev by Date: Re: [Qemu-devel] [PATCH arm-midr v1 1/2] ARM: Convert MIDR to a property
Next by Date: Re: [Qemu-devel] [PULL 0/1] target-arm queue: build breakage fix
Previous by thread: [Qemu-devel] [PATCH arm-midr v1 0/2] ARM-MIDR Make ARM-MIDR a property and use in Zynq
Next by thread: Re: [Qemu-devel] chroot jailing...
Index(es):
- Date
- Thread