[pve-devel] Running KVM as root is a security issue

Wolfgang Bumiller w.bumiller at proxmox.com
Mon Jul 27 16:23:11 CEST 2015


On Mon, Jul 27, 2015 at 04:07:10PM +0200, Alexandre DERUMIER wrote:
> >>Yes, that much I've tested, too. I'm worried about the shutdown scripts
> >>though (bridgedown). They might lack permissions if qemu doesn't keep a
> >>privileged parent process around for those.
> 
> I think that pci passthrough need root access too. (maybe not with vfio).
> 
> Not sure about disks with /dev/ mapping ?

I'm pretty sure there are ways to get those privileges. Worst case you
add the necessary capabilities(7).



More information about the pve-devel mailing list