[pve-devel] [PATCH qemu-server] api: add 'allow-ksm' to memory options
Fiona Ebner
f.ebner at proxmox.com
Tue Nov 18 11:22:20 CET 2025
Am 18.11.25 um 11:12 AM schrieb Fabian Grünbichler:
> On November 18, 2025 11:08 am, Fiona Ebner wrote:
>> Am 18.11.25 um 10:42 AM schrieb Fabian Grünbichler:
>>> else it is treated as root-only parameter, and since the UI will set/clear it
>>> by default, that makes memory-editing in its entirety root-only.
>>
>> Should it be editable by users with "just" VM.Config.Memory? One main
>> use case is security-related to avoid side-channel attacks. If the
>> answer is no, we should fix the UI of course ;)
>
> IMHO, yes. it is the default after all, and its purpose is to protect
> this VM against other co-located guests, not against other admins that
> are allowed to (re-)configure my VM.
Yes, good point :)
More information about the pve-devel
mailing list