[pve-devel] KVM Security

Eric Blevins ericlb100 at gmail.com
Mon Aug 4 22:12:50 CEST 2014


>I think that direct access to /dev/... don't work
>

Could Proxmox simply chown resources used by KVM before starting KVM?
This would make transition to non-root KVM easier for most people too.

>
> I am also unsure if there is a way to pass auth info to iscsi/glusterfs/ceph libraries (without
> exposing that info to non-root users).
>

Could this info be provided using environment variables?
Maybe make the file read only for the KVM process group?

I created a bugzilla item for this:
https://bugzilla.proxmox.com/show_bug.cgi?id=547



More information about the pve-devel mailing list