[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: RFC v2: virtio-hostmem: static, guest-owned memory regions
On Mon, Mar 04, 2019 at 09:57:06AM -0800, Frank Yang wrote: > - Security model is pushed to the guest-specific layers like selinux; it is > possible (and this is useful) for a physical page to be shared across guest > processes, and it is up to the guest's current security model to enforce > malicious apps not having access. However mechanisms such as selinux are all kernel based. In your scheme kernel has no knowledge about the content of the memory and data flows through direct mmap to guest userspace bypassing guest kernel. I don't see how you will be able to come up with an selinux policy to decide which memory is safe to share. -- MST
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]