Libvirt sandbox at FOSDEM 2012

Posted: February 5th, 2012 | Filed under: Fedora, libvirt, Security, Virt Tools

As mentioned previously, today I presented a talk at FOSDEM 2012, titled “Building application sandboxes on top of LXC and KVM with libvirt”.  As promised I have now uploaded the PDF slides for public access.  For further information about libvirt-sandbox, consult this previous blog post on the subject. Also keep an eye on this site for further blog posts in the future. Thanks to everyone who attended the talk. I look forward to returning again in a year’s time for another update.

7 Responses to “Libvirt sandbox at FOSDEM 2012”

  1. Amadeus says:

    Is evading from LXC to the virtual host possible with your solution?

    http://blog.bofh.it/debian/id_413

    • Daniel Berrange says:

      The forthcoming libvirt 0.9.10 release will include support for sVirt with LXC. If this is enabled on an LXC container, then SELinux should be able to prevent container apps from escaping into the host. For example, the SELinux policy would prevent any writes to /proc or /sys.

  2. Amadeus says:

    Ok, that is very interesting!

    Will sVirt 0.9.10 make it into F17?

    Do you know of howtos/documentation on how to implement this properly?

    • Daniel Berrange says:

      Yes, libvirt 0.9.10 will be in Fedora 17, with sVirt for LXC. Docs will be forthcoming…watch this blog for more info.

  3. Amadeus says:

    I’ll definitely do that.

  4. This sounds very interesting.

    Is there a video available for this presentation?

    • Daniel Berrange says:

      @stefan unfortunately not, only the 2 main FOSDEM presentation rooms were video recorded.
