[pve-devel] Running KVM as root is a security issue
Wolfgang Bumiller
w.bumiller at proxmox.com
Mon Jul 27 16:23:11 CEST 2015
On Mon, Jul 27, 2015 at 04:07:10PM +0200, Alexandre DERUMIER wrote:
> >>Yes, that much I've tested, too. I'm worried about the shutdown scripts
> >>though (bridgedown). They might lack permissions if qemu doesn't keep a
> >>privileged parent process around for those.
>
> I think that pci passthrough need root access too. (maybe not with vfio).
>
> Not sure about disks with /dev/ mapping ?
I'm pretty sure there are ways to get those privileges. Worst case you
add the necessary capabilities(7).
More information about the pve-devel
mailing list