| ▲ | tryauuum a day ago | |
Not all device files, only /dev/kvm. I assume the logic was "with /dev/kvm access the user can ...allocate memory and execute code, which they already can, so why not allow it?". Could also make rootless isolation easier | ||
| ▲ | codedokode a day ago | parent [-] | |
Different kernel modules might have different vulnerabilities. | ||