[libvirt] Notes from the KVM Forum relevant to libvirt
Daniel P. Berrange
berrange at redhat.com
Tue Aug 23 15:31:11 UTC 2011
On Tue, Aug 23, 2011 at 04:24:46PM +0100, Stefan Hajnoczi wrote:
> On Tue, Aug 23, 2011 at 12:15 PM, Daniel P. Berrange
> <berrange at redhat.com> wrote:
> > I was at the KVM Forum / LinuxCon last week and there were many
> > interesting things discussed which are relevant to ongoing libvirt
> > development. Here was the list that caught my attention. If I have
> > missed any, fill in the gaps....
> >
> > - Sandbox/container KVM. The Solaris port of KVM puts QEMU inside
> > a zone so that an exploit of QEMU can't escape into the full OS.
> > Containers are Linux's parallel of Zones, and while not nearly as
> > secure yet, it would still be worth using more containers support
> > to confine QEMU.
>
> Can you elaborate on why Linux containers are "not nearly as secure"
> [as Solaris Zones]?
Mostly because the Linux namespace functionality is far from complete,
notably lacking proper UID/GID/capability separation, and UID/GID
virtualization wrt filesystems. The longer answer is here:
https://wiki.ubuntu.com/UserNamespace
So at this time you can't build a secure container on Linux, relying
just on DAC alone. You have to add in a MAC layer ontop of the container
to get full security benefits, which obviously defeats the point of
using the container as a backup for failure in the MAC layer.
> > - Native KVM tool. The problem statement was that the QEMU code is too
> > big/complex & and command line args are too complex, so lets rewrite
> > from scratch to make the code small & CLI simple. They achieve this,
> > but of course primarily because they lack so many features compared
> > to QEMU. They had libvirt support as a bullet point on their preso,
> > but I'm not expecting it to replace the current QEMU KVM support in
> > the forseeable future, given its current level of features and the
> > size of its dev team compared to QEMU/KVM. They did have some fun
> > demos of booting using the host OS filesystem though. We can
> > actually do the same with regular KVM/libvirt but there's no nice
> > demo tool to show it off. I'm hoping to create one....
>
> Yep it's virtfs which QEMU has supported for a while. The trick is
> setting things up so that the Linux guest boots from virtfs.
It isn't actually that hard from a technical POV, it is just that most
(all?) distros typical initrd files lack support for specifying 9p over
virtio as a root filesystem.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list