by munchlax
229 days ago
I admit I haven't investigated this thoroughly, but I suspect the low-hanging fruit in the tinykvm case is having rw access to /dev/kvm. I think it should be possible to pass /dev/kvm as an open fd to daemons like kvm server and mark it as non-inheritable. As long as the vm is in a subprocess it would be okay I guess.