Re: [Qemu-devel] chroot jailing...

2014-01-13 Thread immersive.ex...@gmail.com
That's what I thought; just had to be sure. Thanks all... On 01/13/2014 09:38 AM, Alex Bennée wrote: > immersive.ex...@gmail.com writes: > >> Thanks! >> >> So it sounds like you're saying selinux is the only meaningful thing to try? &g

Re: [Qemu-devel] chroot jailing...

2014-01-12 Thread immersive.ex...@gmail.com
er to the host OS; not so much for security... On 01/12/2014 11:11 PM, Stefan Hajnoczi wrote: > On Sun, Jan 12, 2014 at 02:17:43PM -0500, immersive.ex...@gmail.com wrote: >> Would there be any security benefits, without suffering any considerable >> relative los

[Qemu-devel] chroot jailing...

2014-01-12 Thread immersive.ex...@gmail.com
Would there be any security benefits, without suffering any considerable relative loss in performance, to (chroot) jailing qemu? Can it, practically speaking, be done?? Would that be a partial safeguard against virtual machine escapes? Or is it the case that if a virtual machine escape takes place,