[pve-devel] KVM Security

Alexandre DERUMIER aderumier at odiso.com
Tue Apr 22 17:58:25 CEST 2014


>>maybe also usb/pci passthrough 
maybe with vfio it'll work


also, I think we need to suid the pve-bridge script, to be able to create tap devices
----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mardi 22 Avril 2014 17:42:19 
Objet: Re: [pve-devel] KVM Security 

I think that direct access to /dev/... don't work, maybe also usb/pci passthrough 


----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Eric Blevins" <ericlb100 at gmail.com>, pve-devel at pve.proxmox.com 
Envoyé: Mardi 22 Avril 2014 16:50:43 
Objet: Re: [pve-devel] KVM Security 

> Why does Proxmox run KVM process as root? 

Only for simplicity. It would need a careful audit to see what features are broken if we run as non-root. 

> Running KVM as a non-root user would be much more secure, a flaw allowing 
> code execution on the host would be limited by the user account. 
> For added security running each KVM process as a unique user would prevent an 
> exploit in one guest from accessing virtual disks of another guest provided 
> proper permissions were also applied to the vm disk files/devices. 

Would be great if somebody helps to analyze those issues in more detail. 
Some volunteers here? 


_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 


More information about the pve-devel mailing list