Re: [libvirt-users] security BPC

2016-10-20 Thread Martin Kletzander
On Thu, Oct 20, 2016 at 10:48:55AM +0200, Michael Ströder wrote: Hi! Disclaimer: I'm a libvirt beginner using it for managing virtual machines based on qemu-kvm. Is there any documentation describing how to harden libvirt/qemu-kvm installations? Especially how to improve isolation of VMs: -

[libvirt-users] Passing "migratable=no" to qemu in domain's XML

2016-10-20 Thread Žilvinas Žaltiena
Hi, I want to use Invariant TSC with qemu, and to do that qemu must get the following args: "-cpu host,migratable=no,+invtsc". invtsc works only if migratable=no is passed too. The "+invtsc" part is successfully handled by using inside domain's XML, however I don't know how/where to put the "mi

Re: [libvirt-users] security BPC

2016-10-20 Thread Aleksei
Hi, > - running VMs as different host OS users Described here https://libvirt.org/drvqemu.html#securitydac > - secure time sync (with or without ntpd?) Not sure what you mean by hardening here. You can set VM to get its time from the host (see here https://libvirt.org/formatdomain.html#eleme

[libvirt-users] security BPC

2016-10-20 Thread Michael Ströder
Hi! Disclaimer: I'm a libvirt beginner using it for managing virtual machines based on qemu-kvm. Is there any documentation describing how to harden libvirt/qemu-kvm installations? Especially how to improve isolation of VMs: - secure time sync (with or without ntpd?) - random number generation