|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2 |
Date: | Wed, 08 Jul 2009 13:06:09 -0500 |
User-agent: | Thunderbird 2.0.0.21 (X11/20090320) |
Vincent Hanquez wrote:
On Wed, Jul 08, 2009 at 12:20:59PM -0500, Anthony Liguori wrote:Yes, I'm actually a fan of SELinux in the context of a dedicated virtualization system.I'm sure something like SELinux can be used to prevent a root QEMU process from doing a firmware upgrade.*boggle* You're not serious, are you ?do you really expect to put a SCSI packet inspector (to detect firmware update for example) in a SELinux layer ?
SELinux uses LSM to provide security hooks for enforcement so if there isn't already, one would add an LSM hook in the Linux ATAPI driver for firmware updates.
Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |