Andrey Korolyov
2015-Jun-18 17:49 UTC
[libvirt-users] Migration b/w nodes with different security models
Hello, I`ve found that the currently end-user may not migrate a VM between nodes with different security_require_confined, what are reasons to forbid such a thing? The security measures are almost not applicable here - if the guest was able to poison the emulator` stack on an unsecured node, he may do the same on a secured one, though the potential consequences will be far more limited. Are there any real-world cases whose prohibition may be helpful in a terms of security measurements for migration I am currently missing? I think it would be safe to exclude total poisoning of a source node in which case libvirtd itself is owned and can try to send a malicious configuration (with changed backing files locations for example). Thanks!
Reasonably Related Threads
- [PATCH v28 3/4] mm/page_poison: add a function to expose page poison val to kernel modules
- [virtio-dev] Re: [PATCH] virtio-balloon: Disable free page hinting/reporting if page poison is disabled
- [virtio-dev] Re: [PATCH] virtio-balloon: Disable free page hinting/reporting if page poison is disabled
- [PATCH v2] virtio-balloon: Disable free page reporting if page poison reporting is not enabled
- [virtio-dev] Re: [PATCH] virtio-balloon: Disable free page hinting/reporting if page poison is disabled