Fedora uses SELinux’s Multi-Category Security to restrict VMs from accessing other VMs’ backing disks. Each VM is assigned a randomized category number when starting. When accessing a VM disk file from another running VM, such as by sharing a directory, an error similar to the following is logged by systemd: audit[26742]: AVC avc: denied…
All posts by justintaft
Creating and backing up security sensitive VMs using KVM and Borg
It’s Thursday night. You’ve been hacking away at a web app all week. All of a sudden your laptop turns off because you forgot to plug in the power cord. No biggie, you think. You plug your laptop in, boot it up, and start the VM you’ve been using. Crap, you sigh to yourself, as…