[libvirt] libvirt-qemu.so subject to sVirt?

Eric Blake eblake at redhat.com
Fri Sep 5 03:48:36 UTC 2014

On 09/04/2014 08:37 PM, bancfc at openmailbox.org wrote:
> Hello. I am thinking about using the feature of passing through qemu
> commands via libvirt. Before I do that I want to make sure that it
> doesn't have negative security implications.

Only if the actions you do through the backdoor cause something to
happen behind libvirt's back in a way that makes libvirt misbehave.
It's enough of a risk that the interface is explicitly declared
unsupported; but if you only use it for QMP query-* commands, which
cannot change qemu state, and therefore cannot confuse libvirt, you
probably have no security risk.

> I understand that talking to qemu-kvm directly via commandline strips
> vms from having sVirt protections applied.
> Is use of this feature the same case?

The domain is still started by libvirt, so sVirt is still in full force.
 Using virDomainQemuMonitorCommand is indeed a reasonable way to get
through to the qemu monitor while still keeping the security labels
intact.  Where it gets tricky is what commands you use - better would be
patching libvirt to support those actions as a proper supported API.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140904/329ce48c/attachment-0001.sig>

More information about the libvir-list mailing list