Installation guide

Chapter 16. Security for virtualization
When deploying virtualization technologies on your corporate infrastructure, you must ensure that
the host cannot be compromised. The host is a Red Hat Enterprise Linux system that manages the
hardware, devices, memory and networks as well as all virtualized guests. Because every guest depends
on the host for its CPU time, memory, storage and network access, a compromise of the host exposes
every guest running on it. There are several ways to enhance security on systems using virtualization.
You or your organization should create a deployment plan that states the operating specifications,
which services are needed on your virtualized guests and host servers, and what support is required
for those services. Here are a few security issues to consider while developing a deployment plan:
Run only necessary services on hosts. The fewer processes and services running on the host, the
higher the level of security and performance.
Enable SELinux on the hypervisor. Read Section 16.2, “SELinux and virtualization” for more
information on using SELinux and virtualization.
Use a firewall to restrict traffic to the host. You can set up a firewall with default-reject rules that
help secure the host from attacks. It is also important to limit the number of network-facing services
on the host.
Do not allow normal users to access the host. The host is privileged, and granting access to
unprivileged accounts lowers the level of security: any local privilege escalation on the host is then
an escalation over every guest as well.
16.1. Storage security issues
In certain circumstances, administrators of virtualized guests can change which partitions the host
boots from. To prevent this, host administrators should follow these recommendations:
The host should not use disk labels to identify file systems in the fstab file, the initrd file or on
the kernel command line. If less privileged users, especially virtualized guests, have write access to
whole partitions or LVM volumes, they can write a file system label that duplicates one the host relies
on, and the host may then mount the guest's file system in place of its own at the next boot. A UUID
stored in the superblock can be rewritten the same way, so it offers no protection against a guest
with write access to the device. Identify host file systems by device path (for example, an LVM
volume path) instead.
Guests should not be given write access to whole disks or block devices (for example, /dev/sdb).
Use partitions (for example, /dev/sdb1) or LVM volumes.
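As an added example (not part of the Red Hat guide), the following script audits a host for the two
issues above: fstab entries and kernel command line parameters that identify file systems by label,
and libvirt domain definitions that hand whole disks to guests. It runs here on constructed sample
input; on a real host you would feed it /etc/fstab, /proc/cmdline and the output of virsh dumpxml. The
device name patterns it treats as whole disks and the guest name guest1 are assumptions.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: audit a virtualization host for
# label-based mounts and whole-disk passthrough to guests.

# Print the fstab entries (comments skipped) that identify a file system by
# LABEL=. Reads fstab text on stdin.
label_mounts() {
    grep -v '^[[:space:]]*#' | grep '^[[:space:]]*LABEL=' || true
}

# Print kernel command line parameters that refer to a file system by label,
# such as root=LABEL=/ or resume=LABEL=swap. Reads the command line on stdin.
cmdline_labels() {
    tr ' ' '\n' | grep -E '(^|=)LABEL=' || true
}

# Print the <source dev=...> paths in a libvirt domain XML that are whole disks
# rather than partitions or LVM volumes. Reads the XML on stdin; accepts the
# single quotes libvirt emits as well as double quotes. The whole-disk patterns
# (sd/vd/hd/xvd letters only, nvmeXnY without a pN suffix) are an assumption.
whole_disk_sources() {
    sed -n "s/.*<source dev=['\"]\([^'\"]*\)['\"].*/\1/p" \
        | grep -E '^/dev/(sd|vd|hd|xvd)[a-z]+$|^/dev/nvme[0-9]+n[0-9]+$' || true
}

# Constructed sample input (not from a real host).
SAMPLE_FSTAB='# constructed sample fstab
LABEL=root      /       ext4    defaults        1 1
UUID=1234-5678  /boot   ext4    defaults        1 2
LABEL=data      /srv    ext4    defaults        1 2
/dev/vg0/swap   swap    swap    defaults        0 0'

SAMPLE_CMDLINE='ro root=LABEL=/ rhgb quiet crashkernel=auto'

SAMPLE_DOMAIN_XML='<domain type="kvm">
  <name>guest1</name>
  <devices>
    <disk type="block" device="disk"><source dev="/dev/sdb"/><target dev="vda"/></disk>
    <disk type="block" device="disk"><source dev="/dev/sdc1"/><target dev="vdb"/></disk>
    <disk type="block" device="disk"><source dev="/dev/vg0/guest1-data"/><target dev="vdc"/></disk>
    <disk type="block" device="disk"><source dev="/dev/nvme0n1"/><target dev="vdd"/></disk>
  </devices>
</domain>'

echo "fstab entries mounted by label (should be none):"
printf '%s\n' "$SAMPLE_FSTAB" | label_mounts
echo "kernel command line parameters using labels (should be none):"
printf '%s\n' "$SAMPLE_CMDLINE" | cmdline_labels
echo "whole disks handed to guest1 (should be none; use partitions or LVM volumes):"
printf '%s\n' "$SAMPLE_DOMAIN_XML" | whole_disk_sources
```

On a live host the same functions are used as `label_mounts < /etc/fstab`, `cmdline_labels < /proc/cmdline`
and `virsh dumpxml guest1 | whole_disk_sources`. Any output from the first two means the host trusts a
label that a guest with whole-device write access could forge; any output from the third names a guest
that has that access.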
16.2. SELinux and virtualization
Security Enhanced Linux (SELinux) was developed by the NSA with assistance from the Linux community to
provide stronger security for Linux. SELinux confines each process to the permissions of its domain, so
that an attacker who exploits a flaw such as a buffer overflow in a service gains only what that
service's domain allows, which blunts many common exploits and privilege escalation attempts. It is
because of these benefits that all Red Hat Enterprise Linux systems should run with SELinux enabled
and in enforcing mode.
With SELinux in enforcing mode, libvirt and QEMU can only open guest images that carry the
virt_image_t file context. /var/lib/libvirt/images is labelled that way by the default policy, so
images stored there work without further configuration; an image placed in another directory is
refused until that directory is labelled with the same type (a denial is recorded in the audit log).
Adding LVM-based storage with SELinux in enforcing mode
The following procedure is an example of adding a logical volume to a virtualized guest with SELinux
enabled. These instructions also work for hard drive partitions.
Procedure 16.1. Creating and mounting a logical volume on a virtualized guest with SELinux enabled
1. Create a logical volume. This example creates a 5 gigabyte logical volume named
NewVolumeName on the volume group named volumegroup.