[pve-devel] Running KVM as root is a security issue

Wolfgang Bumiller w.bumiller at proxmox.com
Mon Jul 27 15:53:00 CEST 2015

> A patch exists to prevent a crash when a socket cannot be opened.
> https://lists.gnu.org/archive/html/qemu-devel/2015-05/msg00577.html

Included in the current 2.4 devel build.

> I've done some experimenting. If I take the KVM command as generated
> by Proxmox and simply add "-runas nobody" the VM starts up and runs
> without a problem.

Yes, that much I've tested, too. I'm worried about the shutdown scripts
though (bridgedown). They might lack permissions if qemu doesn't keep a
privileged parent process around for those.

Ideally the VM can be started directly as a user, though, rather than
using the -runas switch. That will be some work though.

More information about the pve-devel mailing list