Hello, I'd be interested to learn more about the security 'vision' of qemu/kvm being two components, one running in-kernel, one running in user land. What are the security advantages of running guests as non-root?
In case of a qemu or KVM vulnerability, won't malicious guests gain kernel privilege no matter what user is running qemu? If a guest is able to execute arbitrary code as the "qemu" user, can it escalate to root privileges using /dev/kvm? I've also asked this on StackExchange [1], for visibility. Thanks, Maxime [1]: https://security.stackexchange.com/questions/236681/what-are-the-security-risks-of-running-qemu-kvm-as-root
