[libvirt-users] security BPC
Martin Kletzander
mkletzan at redhat.com
Thu Oct 20 19:44:47 UTC 2016
On Thu, Oct 20, 2016 at 10:48:55AM +0200, Michael Ströder wrote:
>HI!
>
>Disclaimer:
>I'm a libvirt beginner using it for managing virtual machines based on qemu-kvm.
>
>Is there any documentation describing how to harden libvirt/qemu-kvm installations?
>
>Escpecially how to improve isolation of VMs:
>- secure time sync (with or without ntpd?)
>- random number generation
See device RNG [1]
>- running VMs as different host OS users
>
See <seclabel/> [2]
oh, I see we don't have much there. Well then, this would do:
<seclabel model="dac" type="static">
<label>user:group</label>
</seclabel>
Martin
[1] https://libvirt.org/formatdomain.html#elementsRng
[2] https://libvirt.org/formatdomain.html#seclabel
>I do not need general OS hardening advice.
>
>Ciao, Michael.
>
>
>_______________________________________________
>libvirt-users mailing list
>libvirt-users at redhat.com
>https://www.redhat.com/mailman/listinfo/libvirt-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20161020/d292b972/attachment.sig>
More information about the libvirt-users
mailing list