Libvirt sandbox at FOSDEM 2012

Posted: February 5th, 2012 | Filed under: Fedora, libvirt, Security, Virt Tools

As mentioned previously, today I presented a talk at FOSDEM 2012, titled “Building application sandboxes on top of LXC and KVM with libvirt”. As promised, I have now uploaded the PDF slides for public access. For further information about libvirt-sandbox, consult this previous blog post on the subject. Also keep an eye on this site for further blog posts in the future. Thanks to everyone who attended the talk. I look forward to returning again in a year’s time for another update.

7 Comments

Amadeus said at 8:08 pm on February 5th, 2012:

Is evading from LXC to the virtual host possible with your solution?

http://blog.bofh.it/debian/id_413

Daniel Berrange said at 12:00 am on February 6th, 2012:

The forthcoming libvirt 0.9.10 release will include support for sVirt with LXC. If this is enabled on an LXC container, then SELinux should be able to prevent container apps from escaping into the host. For example, the SELinux policy would prevent any writes to /proc or /sys.

Amadeus said at 11:38 am on February 10th, 2012:

Ok, that is very interesting!

Will sVirt 0.9.10 make it into F17?

Do you know of howtos/documentation on how to implement this properly?

Daniel Berrange said at 12:17 pm on February 10th, 2012:

Yes, libvirt 0.9.10 will be in Fedora 17, with sVirt for LXC. Docs will be forthcoming…watch this blog for more info.

Amadeus said at 12:30 pm on February 10th, 2012:

I’ll definitely do that.

Stefan Lasiewski said at 6:14 pm on May 29th, 2012:

This sounds very interesting.

Is there a video available for this presentation?

Daniel Berrange said at 3:00 pm on May 30th, 2012:

@stefan unfortunately not, only the 2 main FOSDEM presentation rooms were video recorded.
