
28 May
2010
28 May
'10
12:57 p.m.
On 05/28/2010 10:46 AM, Cole Robinson wrote:
Leaving qemu privileged means that a compromised guest can exploit the privileges and do damage to the hypervisor; is it worth adding additional comments warning the user about the lack of security inherent in clearing the option?
How about
# If clear_emulator_capabilities is enabled, libvirt will drop all # privileged capabilities of the QEmu/KVM emulator. This is enabled by # default. # # Warning: Disabling this option means that a compromised guest can # exploit the privileges and possibly do damage to the host.
Sounds good to me with that wording. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org