Open Source Security
Welcome at » sVirt Stronger Security for Linux Virtualization

sVirt Stronger Security for Linux Virtualization

By Bryan Jacobson, Linux Technology Center.

While Virtualization offers many benefits, there can also be increased security risks. For example, consider a system running two hundred virtual images. All two hundred images are at risk if a flaw in the hypervisor (or configuration) allows any virtual guest to “break out” into the host environment and affect other virtual guests.

sVirt is a project to improve the security of Linux virtualization. Svirt applies the Mandatory Access Control (MAC) features of SELinux to strengthen the isolation between virtual images. Svirt works with KVM/QEMU and other Linux virtualization systems where the virtual image runs as a Linux user space process.

sVirt is a community project, with founding authors from Red Hat: Daniel Berrange, James Morris, and Dan Walsh. sVirt is integrated with libvirt.

One of my favorite sVirt use cases is: “Strongly isolating desktop applications by running them in separately labeled VMs (e.g. online banking in one VM and World of Warcraft in another; opening untrusted office documents in an isolated VM for view/print only).” (From the 8/11/2008 sVirt project announcement at www.redhat.com/archives/libvir-list/2008-August/msg00255.html).

The project announcement also identifies an excellent design goal: “Initially, sVirt should “just work” as a means to isolate VMs, with minimal administrative interaction. e.g. an option is added to virt-manager which allows a VM to be designated as “isolated”, and from then on, it is automatically run in a separate security context, with policy etc. being generated and managed by libvirt.”.

You can find a 48 minute video of James Morris’s February 2009 presentation on sVirt at Linux.conf.au: video.google.com/videoplay?docid=5750618585157629496#

Slides from that presentation are at: namei.org/presentations/svirt-lca-2009.pdf

2 Responses




  1. […] Open Source Security » Blog Archive » sVirt Stronger Security for … – While Virtualization offers many benefits, there can also be increased security risks. For example, consider a system running two hundred virtual images. All two hundred images are at risk if a flaw in the hypervisor (or configuration) … […]




  2. That is why security is very important in Virtual machines. One bug could crash a lot of servers because of one bug only