qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2


From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2
Date: Wed, 08 Jul 2009 13:06:09 -0500
User-agent: Thunderbird 2.0.0.21 (X11/20090320)

Vincent Hanquez wrote:
On Wed, Jul 08, 2009 at 12:20:59PM -0500, Anthony Liguori wrote:
I'm sure something like SELinux can be used to prevent a root QEMU process from doing a firmware upgrade.
*boggle*  You're not serious, are you ?
Yes, I'm actually a fan of SELinux in the context of a dedicated virtualization system.

do you really expect to put a SCSI packet inspector (to detect firmware update
for example) in a SELinux layer ?

SELinux uses LSM to provide security hooks for enforcement so if there isn't already, one would add an LSM hook in the Linux ATAPI driver for firmware updates.

Regards,

Anthony Liguori





reply via email to

[Prev in Thread] Current Thread [Next in Thread]