On 07/20/2011 08:50 AM, Cleber Rosa wrote:
> Just as a reminder: with DAC, if a guest is compromised and somehow
> escalates to QEMU, it could disable its isolation (ie, by setting their
> own image files world readable). I guess we shouldn't try to fix the DAC
> model, but fix what's preventing us from fully using MAC, even though
> it's outside of QEMU.

I don't see how a guest making its data world readable is a fundamental
problem.

DAC is a fundamental part of the Unix design and is something that
administrators understand very well. I completely understand the value
of MAC but to argue that we shouldn't present DAC as an option I think
is fundamentally wrong.

Regards,
Anthony Liguori

> CR.