<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body smarttemplateinserted="true" bgcolor="#FFFFFF" text="#000000">
<div id="smartTemplate4-template">
<p>Hi,</p>
<p>> - running VMs as different host OS users<br>
</p>
<p>Described here <a class="moz-txt-link-freetext" href="https://libvirt.org/drvqemu.html#securitydac">https://libvirt.org/drvqemu.html#securitydac</a><br>
</p>
</div>
> - secure time sync (with or without ntpd?)<br>
<br>
Not sure what you mean by hardening here. You can set VM to get its
time from the host (see here
<a class="moz-txt-link-freetext" href="https://libvirt.org/formatdomain.html#elementsTime">https://libvirt.org/formatdomain.html#elementsTime</a>) and disable ntp
in VM's OS.<br>
<br>
<div class="moz-signature"><i>--Regards, Aleksei</i>
</div>
<br>
<div id="smartTemplate4-quoteHeader">
<hr><br>
<b>From:</b> Michael Ströder<br>
<b>Sent:</b> Thursday, October 20, 2016 11:48AM<br>
<b>To:</b> Libvirt-users<br>
<b>Subject:</b> [libvirt-users] security BPC</div>
<blockquote
cite="mid:b1f4ad71-d7ed-ac6a-8e36-c944370b67f7@stroeder.com"
type="cite">
<pre wrap="">HI!
Disclaimer:
I'm a libvirt beginner using it for managing virtual machines based on qemu-kvm.
Is there any documentation describing how to harden libvirt/qemu-kvm installations?
Escpecially how to improve isolation of VMs:
- secure time sync (with or without ntpd?)
- random number generation
- running VMs as different host OS users
I do not need general OS hardening advice.
Ciao, Michael.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
libvirt-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:libvirt-users@redhat.com">libvirt-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/libvirt-users">https://www.redhat.com/mailman/listinfo/libvirt-users</a></pre>
</blockquote>
<br>
</body>
</html>