[libvirt-users] filesystem accessmode='passthrough'
Yury Goltsov
gg at sbmg.ru
Wed Jul 31 12:41:37 UTC 2013
On 31.07.13 10:26:39, Daniel P. Berrange wrote:
> On Wed, Jul 31, 2013 at 09:03:01AM +0400, Yury Goltsov wrote:
> > After adding the line
> > clear_emulator_capabilities = 0
> > to the file
> > /etc/libvirt/qemu.conf
> > the results of file system operations are the expected color.
>
> NB setting user=root and clear_emulator_capabilities=0 is a very
> insecure configuration. If there was an exploit in QEMU, it would
> allow it to compromise your entire host, unless you have SELinux
> or AppArmor providing protection on QEMU.
>
> Daniel
Thanks for the warning.
We use SElinux on the host.
Yury.
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list