[pve-devel] KVM Security

Eric Blevins ericlb100 at gmail.com
Mon Aug 4 22:12:50 CEST 2014

>I think that direct access to /dev/... don't work

Could Proxmox simply chown resources used by KVM before starting KVM?
This would make transition to non-root KVM easier for most people too.

> I am also unsure if there is a way to pass auth info to iscsi/glusterfs/ceph libraries (without
> exposing that info to non-root users).

Could this info be provided using environment variables?
Maybe make the file read only for the KVM process group?

I created a bugzilla item for this:

More information about the pve-devel mailing list