[libvirt-users] security BPC

Martin Kletzander mkletzan at redhat.com
Thu Oct 20 19:44:47 UTC 2016

On Thu, Oct 20, 2016 at 10:48:55AM +0200, Michael Ströder wrote:
>I'm a libvirt beginner using it for managing virtual machines based on qemu-kvm.
>Is there any documentation describing how to harden libvirt/qemu-kvm installations?
>Escpecially how to improve isolation of VMs:
>- secure time sync (with or without ntpd?)
>- random number generation

See device RNG [1]

>- running VMs as different host OS users

See <seclabel/> [2]

oh, I see we don't have much there.  Well then, this would do:

<seclabel model="dac" type="static">


[1] https://libvirt.org/formatdomain.html#elementsRng
[2] https://libvirt.org/formatdomain.html#seclabel

>I do not need general OS hardening advice.
>Ciao, Michael.

>libvirt-users mailing list
>libvirt-users at redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20161020/d292b972/attachment.sig>

More information about the libvirt-users mailing list