|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] live snapshot wiki updated |
Date: | Wed, 20 Jul 2011 09:34:12 -0500 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110516 Lightning/1.0b2 Thunderbird/3.1.10 |
On 07/20/2011 08:50 AM, Cleber Rosa wrote:
Just as a reminder: with DAC, if a guest is compromised and somehow escalates to QEMU, it could disable its isolation (ie, by setting their own image files world readable). I guess we shouldn't try to fix the DAC model, but fix what's preventing us from fully using MAC, even though it's outside of QEMU.
I don't see how a guest making its data world readable is a fundamental problem.
DAC is a fundamental part of the Unix design and is something that administrators understand very well. I completely understand the value of MAC but to argue that we shouldn't present DAC as an option I think is fundamentally wrong.
Regards, Anthony Liguori
CR.Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |