Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

>>Host can read all of the guest's memory or mount the image and modify >>the guest agent. Or even add their own communication program that can >>do anything. >> > >I get your point now! :) Thanks a lot!! > >Further more, kvm seems not as secure as xen, because xen isolates dom0 and domU well, >The administrator on dom0 couldn't access many things belonged to domUs. >How to solve such problem in kvm? Any scheme? I don't know xen much, but maybe AMD SEV or everything-signed-by TPM would help...