Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V).
Questions tagged [kvm]
24 questions
9
votes
2 answers
Does Docker provide the same security as a vm
Does Docker provide the same level of security/isolation as a virtual machine running over a hypervisor? If not, how can that be achieved?
Ijaz Ahmad
- 1,592
- 1
- 11
- 20
6
votes
1 answer
GPU passthrough security
How secure is the host operating system from the guest virtual machine's OS when using GPU passthrough (using the methods described here)?
If the guest is compromised, can it permanently infect the GPU and its firmware? If it's possible, what could…
user220850
- 101
- 5
4
votes
2 answers
Can USB ethernet passthrough to a KVM virtual machine isolate network-related kernel vulnerabilities?
I'm worried about the attack surface that the linux kernel networking stack, including nic drivers and packet filtering, offers to a remote attacker. So I'm planning to isolate as much of the networking code (drivers, packet filtering etc) in a KVM…
Out of Band
- 9,150
- 1
- 21
- 30
3
votes
1 answer
How secure is QEMU/KVM?
I'm worrying about the security of the VM host machine (against guests) as the Kernel-Based Vitrual Machine operates at kernel level.
UPDATE: Is there any guarantee that a guest can't manipulate/break the host system (execute instructions,…
Al Klimov
- 131
- 1
- 4
3
votes
1 answer
Are paravirtualized drivers a security risk?
Below is a copy of my answer that I gave in some other thread (Would running VMs inside of VMs be a more secure way to study viruses, etc?) about a topic of security of nested virtualization. I would like to know whether my answer was right of…
Matrix
- 3,988
- 14
- 25
3
votes
1 answer
Can information somehow be secured from the host on a KVM guest?
With KVM guest systems so prevalent now, I was wondering if there is any merit in using LUKS encrypted storage, as the guest will usually be always on, so the information is always accessible unencrypted to the guest, and thus to the host.
Are there…
pepa65
- 31
- 1
3
votes
1 answer
How protected are files within a running encrypted VM on a possibly non secure hypervisor / host?
I've got a set of source code files (compiled C#) that I want to prevent direct read access to. The program will be running on the VM. I was thinking of storing these in an encrypted hard disk VM, the VM would use these files in conjunction with a…
Chris Stryczynski
- 141
- 4
3
votes
2 answers
What lightweight sandboxing options do I have on linux?
What can I use to avoid running a full-fledged VM that gives me comparable security?
Possibly, something like https://coreos.com/rkt/ but I don't know what their security properties are.
Elias
- 1,915
- 1
- 9
- 17
3
votes
1 answer
Does Linux “Dirty COW” Exploit allow for escalation outside a virtual machine?
Vulnerability CVE–2016–5195 deals with privilege escalation in Linux systems.
In a virtual environment with hypervisor KVM and QEMU, can a virtual machine get access to it's host? If not, what is the protective layer here?
Niklas Hagman
- 33
- 3
2
votes
1 answer
Remote Administrative Access to a server, KVM over IP or HP iLo?
We have a situation. We want to grant remote administrative access to one of our servers for clients. As I know, there are two possible ways: 1- KVM-over-IP and 2-HP iLO. The most important thing for us is security. Next we would like to consider…
A23149577
- 153
- 1
- 11
2
votes
0 answers
What are the security risks of running QEMU/KVM as root?
Context: I own a machine; I trust root and all the accounts. I virtualize untrusted guests using KVM, and don't want them to escape.
When /dev/kvm has the right permissions, non-root users can run KVM guests. Does this bring any security advantages…
punkeel
- 121
- 5
2
votes
1 answer
Is Meltdown/Spectre mitigation necessary in virtual machine as well as in hypervisor?
I am running virtual machines in kvm/qemu hypervisor. The hypervisor has Meltdown/Spectre mitigation enabled in kernel.
Is it necessary that virtual machines have the Meltdown/Spectre mitigation enabled as well, or is the protection provided by the…
Martin Vegter
- 1,826
- 4
- 27
- 39
2
votes
0 answers
Is it secure to enable KVM Device for Docker Runner in GitLab Continuous Integration?
I need to enable KVM for my android-ci Docker image to work for emulator based instrumentation tests. The Android emulator requires the kvm device.
Therefore I specify the following in the Runner config…
kmindi
- 121
- 3
2
votes
1 answer
CVE-2016-5195 - impacts on virtualization
I wonder if the recently found CVE-2016-5195 can be used to break out of KVM or OpenVZ virtualization to gain access to the host system?
Basically, I believe that the local privileges can not be used for that because an attacker would need to have…
user2933212
- 35
- 4
1
vote
2 answers
Browser fingerprint is unique while running a VM of a clean install of Windows 10
So I used Qemu on Ubuntu 20 to emulate a computer running windows 10. I kept all of Qemu default values. Then, while installing the Windows 10 iso, I kept all the default values once again. Finally, I went on :
https://amiunique.org/fp
And the site…
propre_poli
- 13
- 3