Re: [libvirt-users] Direct Kernel Boot and Security
On Sun, Jun 24, 2018 at 21:19:06 +0000, procmem wrote:
Hi. What are the security implications for the host when using
direct
kernel boot for guests that are potentially malicious? Is guest
The same as for any VM. The only factor may be how the kernel for the
guest is obtained. If the kernel and initrd are present on the host it's
as every other VM.
Obviously if you try to get the kernel/initrd from the guest/VM image
there are security implications e.g. by mounting the image on the host.
filesystem data saved to an emulated drive or directly on the host?
[0]
This depends solely on the configuration of the <disk> so anything
related to that applies.
Direct boot seems like an otherwise more efficient way to do things.
[0] It was discovered that tenants using cloud infrastructure that used
LVM were able to recover deleted sensitive data from others however
emulated drives control the data available to the guest at a very low
level and consequently don't suffer from this huge disadvantage.
Using a qcow2 image as a file can avoid this. Just set your disks
correctly.
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)