Chapter 9: Secure Virtualization

More and more system tools have built-in support for SELinux or use SELinux's features to further harden their own service offering. When we look at virtualization, libvirt is the reigning champion as a virtualization management tool, using the QEMU and Kernel-Based Virtual Machine (KVM) hypervisors.

In this chapter, administrators will learn what Secure Virtualization (sVirt) is and how it is applied by the libvirt tool suite, which SELinux domains are put in place, and how sVirt uses SELinux categories to isolate guests from each other. We will study how SELinux can help reduce the risks of virtualization and understand how the SELinux policy is tuned to support virtualization services.

In this chapter, we're ...
