On 12/22/2011 11:39 AM, Laine Stump wrote:
> These two patches are in response to CVE-2011-4127:
> http://seclists.org/oss-sec/2011/q4/536
> Once the kernel security fix and corresponding qemu mitigation patch
> are in place, access to SG_IO commands from qemu guests will be
> disabled by default. This patch series provides a way to explicitly
> enable such support when it is required.

Given that this helps mitigate a CVE, I think we want to include this in
0.9.9 (another reason for an rc2 build shortly). I'll go ahead and
review these patches, but I'm still not sure whether we have consensus
on whether to use type='lun' or device='lun'.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org