HomeFreeBSD

bhyveload(8): document some SECURITY CONSIDERATIONS

Description

bhyveload(8): document some SECURITY CONSIDERATIONS

The situation is improved now that we're running in a sandbox, but there
is still some host machine access that could be concerning depending on
the context. These concerns may be somewhat mitigated by the fact that
the host machine usually provides the loader binary, even when the guest
image is providing the loader scripts -- they only bring the lua
scripts, and they have to be able to execute arbitrary syscalls rather
than the interfaces provided by libsa(3).

Reviewed by: jhb, markj
Differential Revision: https://reviews.freebsd.org/D43299

Details

Provenance
kevansAuthored on Jan 12 2024, 7:57 PM
Reviewer
jhb
Differential Revision
D43299: bhyveload(8): document some SECURITY CONSIDERATIONS
Parents
rG46ebf11f5a32: MAINTAINERS: Add myself for nvme entries, remove jimharris
Branches
Unknown
Tags
Unknown