[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] libvirt-qemu.so subject to sVirt?



On 09/04/2014 08:37 PM, bancfc openmailbox org wrote:
> Hello. I am thinking about using the feature of passing through qemu
> commands via libvirt. Before I do that I want to make sure that it
> doesn't have negative security implications.

Only if the actions you do through the backdoor cause something to
happen behind libvirt's back in a way that makes libvirt misbehave.
It's enough of a risk that the interface is explicitly declared
unsupported; but if you only use it for QMP query-* commands, which
cannot change qemu state, and therefore cannot confuse libvirt, you
probably have no security risk.

> 
> I understand that talking to qemu-kvm directly via commandline strips
> vms from having sVirt protections applied.
> 
> Is use of this feature the same case?

The domain is still started by libvirt, so sVirt is still in full force.
 Using virDomainQemuMonitorCommand is indeed a reasonable way to get
through to the qemu monitor while still keeping the security labels
intact.  Where it gets tricky is what commands you use - better would be
patching libvirt to support those actions as a proper supported API.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]