From: Stefan Hajnoczi <stefanha@gmail.com>
To: elena.ufimtseva@oracle.com
Cc: qemu-devel@nongnu.org, john.g.johnson@oracle.com,
	sstabellini@kernel.org, jag.raman@oracle.com,
	konrad.wilk@oracle.com, ross.lagerwall@citrix.com,
	liran.alon@oracle.com, stefanha@redhat.com,
	kanth.ghatraju@oracle.com
Subject: Re: [Qemu-devel] [multiprocess RFC PATCH 36/37] multi-process: add the concept description to docs/devel/qemu-multiprocess
Date: Thu, 7 Mar 2019 14:26:09 +0000
Message-ID: <20190307142609.GF2843@stefanha-x1.localdomain>
In-Reply-To: <20190307072253.9868-1-elena.ufimtseva@oracle.com>

On Wed, Mar 06, 2019 at 11:22:53PM -0800, elena.ufimtseva@oracle.com wrote:
> diff --git a/docs/devel/qemu-multiprocess.txt b/docs/devel/qemu-multiprocess.txt
> new file mode 100644
> index 0000000..e29c6c8
> --- /dev/null
> +++ b/docs/devel/qemu-multiprocess.txt

Thanks for this document and the interesting work that you are doing.
I'd like to discuss the security advantages gained by disaggregating
QEMU in more detail.

The security model for VMs managed by libvirt (most production x86, ppc,
s390 guests) is that the QEMU process is untrusted and only has access
to resources belonging to the guest.  SELinux is used to restrict the
process from accessing other files, processes, etc on the host.

QEMU does not hold privileged resources that must be kept away from the
guest.  An escaped guest can access its image file, tap file descriptor,
etc but they are the same resources it could already access via device
emulation.

Can you give specific examples of how disaggregation improves security?

Stefan
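
Added example, not part of the message above or of the patch series: a simplified model of the per-guest SELinux confinement the message describes, using the sVirt scheme libvirt applies, in which each guest's QEMU process and its images share a unique MCS category pair. The labels, paths and the GUEST_FILE_TYPES set are constructed assumptions; real decisions are made by the kernel against the loaded policy.

```python
# Added example: simplified model of sVirt confinement on constructed labels.
# It covers single-level labels only (no "s0-s0:..." level ranges).

# Assumption: file types a confined guest process may touch at all.
GUEST_FILE_TYPES = {"svirt_image_t", "virt_content_t"}

def parse_label(label):
    """Split 'user:role:type:level[:categories]' into (type, category set)."""
    parts = label.split(":")
    if len(parts) not in (4, 5):
        raise ValueError(f"unexpected SELinux label: {label!r}")
    cats = set()
    if len(parts) == 5:
        for item in parts[4].split(","):
            if "." in item:                      # range such as c0.c3
                lo, hi = item.split(".")
                cats.update(range(int(lo[1:]), int(hi[1:]) + 1))
            else:
                cats.add(int(item[1:]))
    return parts[2], frozenset(cats)

def guest_can_reach(proc_label, file_label):
    """True if both the file type and the MCS categories permit access."""
    _, proc_cats = parse_label(proc_label)
    ftype, file_cats = parse_label(file_label)
    # MCS: the process's categories must include every category on the file.
    return ftype in GUEST_FILE_TYPES and file_cats <= proc_cats

def reachable_after_escape(proc_label, files):
    """Paths a compromised QEMU process carrying this label could open."""
    return [path for path, label in files if guest_can_reach(proc_label, label)]

# Constructed sample data (not taken from a real host).
VM1_PROC = "system_u:system_r:svirt_t:s0:c107,c434"
FILES = [
    ("/var/lib/libvirt/images/vm1.qcow2",
     "system_u:object_r:svirt_image_t:s0:c107,c434"),
    ("/var/lib/libvirt/images/vm2.qcow2",
     "system_u:object_r:svirt_image_t:s0:c212,c770"),
    ("/var/lib/libvirt/images/install.iso",
     "system_u:object_r:virt_content_t:s0"),
    ("/etc/shadow", "system_u:object_r:shadow_t:s0"),
]

if __name__ == "__main__":
    for path in reachable_after_escape(VM1_PROC, FILES):
        print(path)
```

Only the guest's own image and the uncategorised shared ISO are reachable; the other guest's image fails the category check and the host file fails the type check.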
