[pve-devel] KVM Security
aderumier at odiso.com
Tue Apr 22 17:42:19 CEST 2014
I think that direct access to /dev/... don't work, maybe also usb/pci passthrough
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Eric Blevins" <ericlb100 at gmail.com>, pve-devel at pve.proxmox.com
Envoyé: Mardi 22 Avril 2014 16:50:43
Objet: Re: [pve-devel] KVM Security
> Why does Proxmox run KVM process as root?
Only for simplicity. It would need a careful audit to see what features are broken if we run as non-root.
> Running KVM as a non-root user would be much more secure, a flaw allowing
> code execution on the host would be limited by the user account.
> For added security running each KVM process as a unique user would prevent an
> exploit in one guest from accessing virtual disks of another guest provided
> proper permissions were also applied to the vm disk files/devices.
Would be great if somebody helps to analyze those issues in more detail.
Some volunteers here?
pve-devel mailing list
pve-devel at pve.proxmox.com
More information about the pve-devel