On 05/28/2010 10:46 AM, Cole Robinson wrote:
> Leaving qemu privileged means that a compromised guest can exploit the
> privileges and do damage to the hypervisor; is it worth adding
> additional comments warning the user about the lack of security inherent
> in clearing the option?
>
How about

# If clear_emulator_capabilities is enabled, libvirt will drop all
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
# default.
#
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.

Sounds good to me with that wording.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org