2009-06-17 12:49:12 |
Jamie Strandboge |
description |
Virtual machines started by libvirt run unconfined. If there is a bug in the hypervisor, a guest could potentially attack other guests or the host. Providing an AppArmor profile would help protect against this. As of libvirt 0.6.1, sVirt has been merged and contains all the necessary hooks through a plugin architecture to confine a virtual machine using SELinux. Providing an AppArmor plugin would help increase security and contain virtual machines in Ubuntu.
See http://fedoraproject.org/wiki/Features/SVirt_Mandatory_Access_Control for details. |
Virtual machines started by libvirt run unconfined. If there is a bug in the hypervisor, a guest could potentially attack other guests or the host. Providing an AppArmor profile would help protect against this. As of libvirt 0.6.1, sVirt has been merged and contains all the necessary hooks through a plugin architecture to confine a virtual machine using SELinux. Providing an AppArmor plugin would help increase security and contain virtual machines in Ubuntu.
See https://wiki.ubuntu.com/SecurityTeam/Specifications/AppArmorLibvirtProfile and http://fedoraproject.org/wiki/Features/SVirt_Mandatory_Access_Control for details. |
|