On 7/3/10, David McGuffey davidmcguffey@verizon.net wrote:
As I understand it, each VM under kvm has a different SELinux context. Breaking into one VM doesn't give you the context to manipulate another. One would have to go back out through the network to attack the next VM... and if you have decent logging and IDS, the noise should be seen/detected.
I went with kvm specifically because it is integrated into SELinux.
In theory that sounds great and would have covered the security concern part. But my own experience with SELinux has basically been well less than positive.
When I first learned about it 2 years ago, on my first install of CentOS, it just made things really difficult, and even when it worked, setroubleshootd ended up sucking up memory and lagging the system, making it extremely difficult to even view the SE event log to try to figure out what happened.
Maybe it's just my noobness, then, so I'll give it another try, leaving SELinux enforcing instead of permissive.
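The per-VM isolation David describes is libvirt's sVirt labeling: each qemu process is confined to the svirt_t domain with its own random pair of MCS categories (e.g. s0:c118,c609), so the kernel refuses access between guests even at the process level, not only over the network. Whether that is actually in effect on a given host is easy to check with `ps -eZ`. The script below is an added example, not code from either poster or from libvirt; the two `ps -eZ` samples are constructed by hand, and the names svirt_check, check_good and check_bad are assumptions for the sake of the example. It flags any qemu process that is not in svirt_t, has no MCS categories, or shares its categories with another guest.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output on a host where libvirt's sVirt is
# working: each guest runs in svirt_t with a distinct MCS category pair.
SAMPLE_PS='LABEL                                    PID TTY          TIME CMD
system_u:system_r:init_t:s0                1 ?        00:00:01 init
system_u:system_r:virtd_t:s0-s0:c0.c1023 1980 ?        00:00:03 libvirtd
system_u:system_r:svirt_t:s0:c118,c609   2301 ?        00:01:12 qemu-kvm
system_u:system_r:svirt_t:s0:c231,c754   2408 ?        00:00:58 qemu-kvm'

# Constructed sample where the second guest was started by hand outside
# libvirt: it inherited the admin's unconfined domain and has no categories,
# so nothing separates it from the other guest's memory, sockets or images.
SAMPLE_PS_BAD='LABEL                                    PID TTY          TIME CMD
system_u:system_r:svirt_t:s0:c118,c609   2301 ?        00:01:12 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0 2408 ?        00:00:58 qemu-kvm'

# svirt_check: read `ps -eZ` output on stdin and exit 0 only if every qemu
# process runs in svirt_t with a non-empty MCS category set that no other
# qemu process shares. One diagnostic line is printed per violation;
# exit 1 on violations, exit 2 if no qemu process was found at all.
svirt_check() {
    awk '
    NR == 1 && $1 == "LABEL" { next }        # skip the ps header line
    $NF ~ /^qemu/ {                          # qemu-kvm, qemu-system-x86_64, ...
        n = split($1, f, ":")                # user:role:type:level[:categories]
        type = f[3]
        cats = (n >= 5) ? f[5] : ""
        if (type != "svirt_t") {
            printf "pid %s: domain %s is not svirt_t\n", $2, type; bad++
        } else if (cats == "") {
            printf "pid %s: svirt_t but no MCS categories\n", $2; bad++
        } else if (cats in seen) {
            printf "pid %s: categories %s already used by pid %s\n", $2, cats, seen[cats]; bad++
        } else {
            seen[cats] = $2
        }
        guests++
    }
    END {
        if (guests == 0) { print "no qemu processes found"; exit 2 }
        exit (bad ? 1 : 0)
    }'
}

# Wrappers over the constructed samples (used for the demonstration below).
check_good() { printf '%s\n' "$SAMPLE_PS" | svirt_check; }
check_bad()  { printf '%s\n' "$SAMPLE_PS_BAD" | svirt_check; }

# On a real host you would run: ps -eZ | svirt_check
echo "well-labelled host:";  check_good && echo "ok: every guest isolated"
echo "badly-labelled host:"; check_bad  || echo "guest isolation is incomplete"
```

When the check passes, the matching image labels are worth confirming too: `ls -Z /var/lib/libvirt/images` should show each disk as svirt_image_t carrying the same category pair as the qemu process that owns it, which is what stops a compromised guest from opening its neighbour's disk even though both run as the same Unix user. When it fails with an unconfined or virtd_t guest, the usual cause is a VM launched by hand or with sVirt disabled in /etc/libvirt/qemu.conf rather than through libvirt's normal path, and the network is no longer the only route between guests.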