Remix.run Logo
fulafel 21 hours ago

Linux controls access using configurable file permissions, so this has a false premise. The better question is doesn't RHEL really use a kvm group to limit access like other distributions? If so, why?

rwmj 16 hours ago | parent | next [-]

Because you want users to use virtualization for sandboxing without needing to make system-wide changes. That generally improves security overall. You might as well ask "why allow users to run anything at all?" since they can make system calls into a gigantic C program that is likely full of unknown bugs.

fulafel 13 hours ago | parent [-]

I get where you're coming from but I'd argue the kvm group is still better even when you automatically give all human users membership. You can then have less-privileged accounts for service roles, for example nginx doesn't need kvm acccess.

rwmj 12 hours ago | parent [-]

nginx might not, but some automated tool / cron job using libguestfs might. Kernel KVM has a very good record for security so it's not something to worry about, compared to (for example) lesser used drivers/filesystems or other dusty corners of the kernel.

codedokode 18 hours ago | parent | prev [-]

The permissions are per-user, not per-app and that is the problem. The distibution developers assume that you trust the programs you run, but how can I trust commercial and proprietary software? How can I trust the code from a random guy on Github without a passport verification?

fulafel 13 hours ago | parent [-]

Depends on your setup, you can have per-app permissions too. Flatpak, snap etc do this for desktop apps, Android does it, containerized server apps do it. But of course if it turns out you're running malware, you're going to have problems when it transpires that you've delegated something valuable to it, even if it doesn't break out of its permission set.