Re: [Qemu-devel] KVM call agenda for Novemeber 22

[Alex Jia]

Hi Yongbo,
I know VMsafe covers three main areas are Memory, Disk and Network
for securing the virtual environment, as far as I know, for kvm
security, we have similar security features or resource management
and control, for instance:

1. Host network isolation, configuring network interface for the host
and a separate network interface for the guest operating systems.

2. SELinux automatically stores and protect images on host

3. Secure remote management with libvirt such as using SSH tunnels,
using SASL authentication and encryption and using TLS for remote access

4. Using sVirt isolates virtual machines

5. With cgroups in RHEL6, you can restrict a set of tasks to a set of
resources, prevent denial-of-service situations in KVM environments,
and monitor resource use

6. Disk-image encryption is a technique aimed at protecting data at rest

7. Auditing the KVM virtualization host and guests

In addition, libvirt includes a pluggable framework for lock managers,
which hypervisor drivers can use to ensure safety for guest domain disks,
and potentially other resources.

Of course, I'm not a developer, I believe that virt developers can show
more security technique or features for virtualization to you.

Regards,
Alex


----- Original Message -----
From: "王永博" <address@hidden>
To: address@hidden
Cc: "Developers qemu-devel" <address@hidden>, "KVM devel mailing list" 
<address@hidden>
Sent: Wednesday, November 23, 2011 9:44:39 AM
Subject: Re: [Qemu-devel] KVM call agenda for Novemeber 22

Does kvm has  the api like vmsafe to help cooperator  protect their product ?

2011/11/22 Juan Quintela <address@hidden>:
>
> Hi
>
> Please send in any agenda items you are interested in covering.
>
> Later, Juan.
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to address@hidden
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>