Features/SVirt Mandatory Access Control

From FedoraProject


Revision as of 13:50, 30 January 2009

Summary

sVirt integrates SELinux with the Fedora virtualization stack so that Mandatory Access Control (MAC) can be applied to guest virtual machines. Among other things, this means a security bug in the hypervisor no longer automatically lets a guest attack the host or other guests: a guest that breaks out into its hypervisor process is still confined by policy to that guest's own resources.

Owner

Current status

  • Targeted release: Fedora 11
  • Last updated: 2009-01-30
  • Percentage of completion: 30%

TODO

  • See sVirt TODO list
  • Merge the patch into upstream libvirt, release and package in Fedora
  • Policy
  • Label assignment in virt-manager?

Completed

Detailed Description

Before virtualization, machines were physically separated. Any security exploit was reasonably well contained to the affected machine, with the obvious exception of network attacks.

With virtualization, a security flaw in the hypervisor may be exploited by a guest to attack the host, or even the other guests running on the same host. Hypervisors are complex pieces of code, so hypervisor vulnerabilities are far from a theoretical concern.

sVirt is an effort started by James Morris which aims to isolate guests from one another using MAC security policy (here, SELinux). It introduces a pluggable security framework to libvirt together with an SELinux implementation of that framework.

The sVirt framework allows each guest, and the resources it owns (its disk images, for example), to be uniquely labelled. Once labelled, policy rules deny a guest's process access to anything carrying a different guest's label, so one guest cannot read or modify another guest's resources even if it controls its own hypervisor process.
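The following is an added example and not code from this page or from the sVirt project. It shows the kind of check an administrator would run against that labelling scheme: given `ps -eZ` style process labels and `ls -Z` style file labels, it verifies that every guest process carries its own category set, that no two guests share one, and that no image is readable by a guest other than its owner. The label types `svirt_t` and `svirt_image_t`, the use of MCS categories as the per-guest label, and the sample lines themselves are assumptions constructed for the example, not statements taken from this page.

```python
"""Check the per-guest MCS labelling invariant that sVirt-style isolation relies on.

Assumptions (not from the page): guest processes run as type svirt_t, their
disk images are svirt_image_t, and each guest is distinguished by a unique
pair of MCS categories in the fifth label field. The sample output below is
constructed; on a real host it would come from `ps -eZ` and `ls -Z`.
"""
import re

GUEST_TYPE = "svirt_t"        # assumed process type for a confined guest
IMAGE_TYPE = "svirt_image_t"  # assumed file type for a guest's disk image

# Constructed sample: guestC wrongly reuses guestA's categories, and its image
# carries no categories at all, so every guest can read it.
PS_SAMPLE = """\
system_u:system_r:svirt_t:s0:c10,c20   2001 ?  00:00:01 qemu-kvm -name guestA
system_u:system_r:svirt_t:s0:c30,c40   2002 ?  00:00:01 qemu-kvm -name guestB
system_u:system_r:svirt_t:s0:c10,c20   2003 ?  00:00:01 qemu-kvm -name guestC
"""
LS_SAMPLE = """\
-rw------- root root system_u:object_r:svirt_image_t:s0:c10,c20 /var/lib/libvirt/images/guestA.img
-rw------- root root system_u:object_r:svirt_image_t:s0:c30,c40 /var/lib/libvirt/images/guestB.img
-rw------- root root system_u:object_r:svirt_image_t:s0        /var/lib/libvirt/images/guestC.img
"""
# Which image each guest is meant to use (in practice: the libvirt domain definition).
OWNERS = {
    "guestA": ["/var/lib/libvirt/images/guestA.img"],
    "guestB": ["/var/lib/libvirt/images/guestB.img"],
    "guestC": ["/var/lib/libvirt/images/guestC.img"],
}

def parse_categories(cats):
    """Expand an MCS category string such as 'c10,c20' or 'c3.c5' into a frozenset of ints."""
    out = set()
    for part in filter(None, cats.split(",")):
        if "." in part:                       # 'c3.c5' is the range c3..c5
            lo, hi = part.split(".")
            out.update(range(int(lo[1:]), int(hi[1:]) + 1))
        else:
            out.add(int(part[1:]))
    return frozenset(out)

def parse_label(label):
    """Split user:role:type:sensitivity[:categories] into (type, categories)."""
    fields = label.split(":")
    if len(fields) < 4:
        raise ValueError("not an MCS label: %r" % label)
    return fields[2], parse_categories(fields[4] if len(fields) > 4 else "")

PS_RE = re.compile(r"^(\S+)\s+(\d+)\s+\S+\s+\S+\s+(.*)$")

def parse_ps(text):
    """Return {guest_name: (pid, type, categories)} from `ps -eZ` style lines."""
    guests = {}
    for line in text.splitlines():
        m = PS_RE.match(line)
        n = re.search(r"-name\s+(\S+)", m.group(3)) if m else None
        if m and n:
            t, cats = parse_label(m.group(1))
            guests[n.group(1)] = (int(m.group(2)), t, cats)
    return guests

def parse_ls(text):
    """Return {path: (type, categories)} from `ls -Z` style lines (label is field 4)."""
    images = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5:
            images[fields[-1]] = parse_label(fields[3])
    return images

def check_isolation(guests, images, owners):
    """Return (problem, subject) findings; an empty list means the labelling is sound."""
    findings = []
    for name, (_pid, t, cats) in guests.items():
        if t != GUEST_TYPE:
            findings.append(("guest_wrong_type", name))
        if not cats:
            findings.append(("guest_no_categories", name))
    names = sorted(guests)
    for i, a in enumerate(names):            # identical category sets: no separation at all
        for b in names[i + 1:]:
            if guests[a][2] == guests[b][2]:
                findings.append(("guests_share_categories", "%s,%s" % (a, b)))
    for name, paths in owners.items():       # each image must carry exactly its owner's label
        for p in paths:
            t, cats = images[p]
            if t != IMAGE_TYPE:
                findings.append(("image_wrong_type", p))
            if cats != guests[name][2]:
                findings.append(("image_label_mismatch", p))
    for p, (_t, cats) in images.items():     # MCS: a process reaches an object iff its
        for name, (_pid, _gt, gcats) in guests.items():  # categories dominate the object's
            if p not in owners.get(name, []) and cats <= gcats:
                findings.append(("image_readable_by_other_guest", "%s<-%s" % (p, name)))
    return findings

def run_sample():
    """Run the check over the constructed sample."""
    return check_isolation(parse_ps(PS_SAMPLE), parse_ls(LS_SAMPLE), OWNERS)

if __name__ == "__main__":
    for problem, subject in run_sample():
        print(problem, subject)
```

On the constructed sample the check reports five findings: guestA and guestC share a category set, guestC's image is labelled without categories and so does not match its owner, guestC can reach guestA's image, and the category-less guestC image is readable by both other guests. The dominance test (`cats <= gcats`) is the relevant MCS rule, which is why an unlabelled image is the worst case rather than a harmless one.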

Benefit to Fedora

SELinux's mandatory policy enforcement limits the damage an exploited flaw can do on a Fedora system: a compromised process is confined to the accesses its policy allows, whatever privileges it held as a user.

sVirt brings that same benefit to Fedora's virtualization support. Integration of MAC will help increase the overall robustness and security assurance of Fedora host systems.

sVirt is a foray into an emerging field of security research. By adopting this work, Fedora will continue to lead the way in providing fully integrated security solutions and virtualization support.

Scope

The work primarily involves modifications to libvirt, but also virt-manager, SELinux policy and, perhaps, QEMU.

How To Test

User Experience

Dependencies

Contingency Plan

Documentation

Release Notes

Fedora 11 integrates SELinux's Mandatory Access Control with virtualization. Virtual machines can now be much more effectively isolated from the host and from one another, giving increased assurance that a malicious guest cannot turn a hypervisor security flaw into an attack on the host or on other guests.

Comments and Discussion