rwmj
Sure, I agree. It's the SELinux policy which really confines QEMU. For example, the compromised QEMU will only be able to open exactly the files containing the guest's drives (not even the drives of other guests on the same host).
@rwmj can you please point to the list of white-listed QEMU-KVM devices used in RHEL?
The qemu source RPMs are now hosted here: https://git.centos.org/project/rpms You have to type "qemu" in the box at top right. The qemu-kvm-rhev source RPM is here: http://ftp.redhat.com/pub/redhat/linux/enterprise/7Server/en...
Thanks for your reply. I made some suggestions for KVM and QEMU below. Also I was wondering what your POV is on my thoughts:
https://www.hackerneue.com/item?id=14227605 https://www.hackerneue.com/item?id=14228563