[pve-devel] KVM Security

Eric Blevins ericlb100 at gmail.com
Tue Apr 22 16:23:56 CEST 2014


Why does Proxmox run KVM process as root?

Running KVM as a non-root user would be much more secure, a flaw allowing
code execution on the host would be limited by the user account.

For added security running each KVM process as a unique user would prevent
an exploit in one guest from accessing virtual disks of another guest
provided proper permissions were also applied to the vm disk files/devices.

Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-devel/attachments/20140422/f47a6e71/attachment.html>


More information about the pve-devel mailing list