
James Morris' presentation is referring to this published demonstration of exploiting Xen a few years ago
http://www.securityfocus.com/archive/1/497376
http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf
The key difference sVirt makes is in chapter 3.4 of the paper.
In Xen world, there was a single SELinux domain (xend_t) that covered XenD and all the QEMU processes. Since all VMs & XenD ran as the same context, any exploited QEMU process in Xen, could access any other guest disks, as well as any host disks.
In the KVM + sVirt world, every QEMU process is separated by a dedicated MCS category on its SELinux context. The disks assigned to a guest are labelled with the same MCS category. This means that an exploited QEMU can only access disks which were explicitly assigned to it, and cannot access the host disk devices. This prevents the step in that paper where they overwrite various key files in the host OS root filesystem.
Regards,
Daniel
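As an added illustration of the MCS separation described above (this is not code from the thread, from libvirt or from sVirt), here is a small audit that reads constructed ps -eZ / ls -Z style lines and checks the two properties that make the isolation work: each QEMU process owns a category pair no other guest has, and every disk assigned to a guest carries that guest's own categories. Guest names, PIDs, paths and the category values are made up; on a real host libvirt assigns the categories and relabels the disks itself when the guest starts.

```python
import re
from typing import Dict, List, Tuple

# Matches an SELinux context such as system_u:system_r:svirt_t:s0:c104,c782
CTX_RE = re.compile(r"^[^:]+:[^:]+:(?P<type>[^:]+):s\d+(?::(?P<cats>c\d+(?:,c\d+)*))?$")

def parse_context(ctx: str) -> Tuple[str, frozenset]:
    """Return (SELinux type, MCS category set); the set is empty if no categories are present."""
    m = CTX_RE.match(ctx.strip())
    assert m, f"not an SELinux context: {ctx!r}"
    cats = frozenset(m.group("cats").split(",")) if m.group("cats") else frozenset()
    return m.group("type"), cats

# Constructed sample, "<context> <pid> <guest>" per QEMU process (as ps -eZ would show it)
PROCESSES = """\
system_u:system_r:svirt_t:s0:c104,c782 2011 vm1
system_u:system_r:svirt_t:s0:c33,c519 2045 vm2
system_u:system_r:svirt_t:s0:c33,c519 2099 vm3
"""
# Constructed sample, "<context> <path>" per disk image (as ls -Z would show it)
DISKS = """\
system_u:object_r:svirt_image_t:s0:c104,c782 /var/lib/libvirt/images/vm1.img
system_u:object_r:svirt_image_t:s0:c33,c519 /var/lib/libvirt/images/vm2.img
system_u:object_r:svirt_image_t:s0:c104,c782 /var/lib/libvirt/images/vm3.img
"""
# Constructed guest-to-disk assignment, as the libvirt domain XML would declare it
ASSIGNED = {g: [f"/var/lib/libvirt/images/{g}.img"] for g in ("vm1", "vm2", "vm3")}

def audit(processes: str, disks: str, assigned: Dict[str, List[str]]) -> List[str]:
    """Return one finding per broken isolation property; an empty list means all is well."""
    findings, guest_cats = [], {}  # findings: List[str]; guest_cats: guest name -> MCS category set
    for line in processes.splitlines():
        ctx, _pid, name = line.split()
        ptype, cats = parse_context(ctx)
        if ptype != "svirt_t" or not cats:  # no per-guest categories: back to the one-domain Xen situation
            findings.append(f"{name}: QEMU is not confined by sVirt ({ctx})")
        guest_cats[name] = cats
    disk_label = {path: parse_context(ctx) for ctx, path in (l.split() for l in disks.splitlines())}
    # Each category pair must belong to exactly one guest, or those guests can open each other's disks
    owner: Dict[frozenset, str] = {}
    for name, cats in guest_cats.items():
        if cats in owner:
            findings.append(f"{name} and {owner[cats]} share MCS categories {','.join(sorted(cats))}")
        owner.setdefault(cats, name)
    # Every assigned disk must carry the guest's own categories, or the guest cannot open it
    for name, paths in assigned.items():
        for path in paths:
            dtype, dcats = disk_label[path]
            if dtype != "svirt_image_t" or dcats != guest_cats[name]:
                findings.append(f"{name}: disk {path} is {dtype}:{','.join(sorted(dcats))}, expected svirt_image_t:{','.join(sorted(guest_cats[name]))}")
    return findings
```

With the sample above, audit(PROCESSES, DISKS, ASSIGNED) reports that vm2 and vm3 share a category pair and that vm3's disk is labelled for vm1 rather than vm3.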
Cool! Is there any well-documented KVM exploit that can be reproduced without too much trouble, assuming SELinux (sVirt) is turned off? Then I can demonstrate the effect of sVirt by turning it on. Thank you very much.
Shi