[libvirt-users] Direct Kernel Boot and Security
Peter Krempa
pkrempa at redhat.com
Tue Jun 26 06:20:54 UTC 2018
On Sun, Jun 24, 2018 at 21:19:06 +0000, procmem wrote:
> Hi. What are the security implications for the host when using direct
> kernel boot for guests that are potentially malicious? Is guest
The same as for any VM. The only factor may be how the kernel for the
guest is obtained. If the kernel and initrd are present on the host it's
as every other VM.
Obviously if you try to get the kernel/initrd from the guest/VM image
there are security implications e.g. by mounting the image on the host.
> filesystem data saved to an emulated drive or directly on the host? [0]
This depends solely on the configuration of the <disk> so anything
related to that applies.
> Direct boot seems like an otherwise more efficient way to do things.
>
> [0] It was discovered that tenants using cloud infrastructure that used
> LVM were able to recover deleted sensitive data from others however
> emulated drives control the data available to the guest at a very low
> level and consequently don't suffer from this huge disadvantage.
Using a qcow2 image as a file can avoid this. Just set your disks
correctly.
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20180626/3115bedf/attachment.sig>
More information about the libvirt-users
mailing list