[CentOS] ESXi, KVM or Xen?

Sat Jul 3 12:01:33 UTC 2010
David McGuffey <davidmcguffey at verizon.net>

On Sat, 2010-07-03 at 11:52 +0800, Emmanuel Noobadmin wrote:
> 2. Security
> Some sites point out that KVM VM runs in userspace as threads. So a
> compromised guest OS would then give intruder access to the system as
> well as other VMs.
> 
> Should I really be concerned or are these worries only for extreme
> situations and that KVM is viable for normal production situations?
> Are there other things I should be aware of?
>
As I understand it each VM under kvm has a different SELinux context.
Breaking into one VM doesn't give you the context to manipulate another.
One would have to go back out through the network to attack the next
VM...and if you have decent logging and IDS the noise should be
seen/detected.

I went with kvm specifically because it is integrated into SELinux.

Dave M