Installation guide

Chapter 19. Security for virtualization
When deploying virtualization technologies on your corporate infrastructure, you must ensure that
the host cannot be compromised. The host, in the Xen hypervisor, is a privileged domain that
handles system management and manages all virtual machines. If the host is insecure, all other
domains in the system are vulnerable. There are several ways to enhance security on systems using
virtualization. You or your organization should create a Deployment Plan that contains the operating
specifications, specifies which services are needed on your guests and host servers, and states what
support is required for those services. Here are a few security issues to consider while developing a
deployment plan:
- Run only necessary services on hosts. The fewer processes and services running on the host, the
  higher the level of security and performance.
- Enable Security-Enhanced Linux (SELinux) on the hypervisor. Read Section 19.2, “SELinux and
  virtualization” for more information on using SELinux and virtualization.
- Use a firewall to restrict traffic to dom0. You can set up a firewall with default-reject rules that
  will help protect dom0 from attacks. It is also important to limit network-facing services.
- Do not allow normal users to access dom0. If you do permit normal users dom0 access, you run
  the risk of rendering dom0 vulnerable. Remember, dom0 is privileged, and granting access to
  unprivileged accounts may compromise the level of security.
19.1. Storage security issues
Administrators of guests can, in certain circumstances, change which partitions the host boots from.
To prevent this, administrators should follow these recommendations:
- The host should not use disk labels to identify file systems in the fstab file, in the initrd file or
  on the kernel command line. Labels cannot be trusted if less privileged users, especially guests,
  have write access to whole partitions or LVM volumes.
- Guests should not be given write access to whole disks or block devices (for example, /dev/sdb).
  Use partitions (for example, /dev/sdb1) or LVM volumes.
19.2. SELinux and virtualization
Security-Enhanced Linux was developed by the NSA with assistance from the Linux community to
provide stronger security for Linux. SELinux limits an attacker's abilities and works to prevent many
common security exploits such as buffer overflow attacks and privilege escalation. Because of
these benefits, Red Hat recommends that all Red Hat Enterprise Linux systems run with SELinux
enabled and in enforcing mode.
SELinux prevents guest images from loading if SELinux is enabled and the images are not correctly
labeled. SELinux requires that image files have the virt_image_t label applied to them. The
/var/lib/libvirt/images directory has this label applied to it and its contents by default. This
does not mean that images must be stored in this directory; images can be stored anywhere,
provided they are labeled with virt_image_t.
Adding LVM based storage with SELinux in enforcing mode
The following section is an example of adding a logical volume to a guest with SELinux enabled.
These instructions also work for hard drive partitions.
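The labelling steps this section describes, for an image directory and for a logical volume, plus a check that finds images still carrying a different type. This is an added example, not the guide's own instructions; the paths /virtimages and /dev/VolGroup00/guest1 and the ls -Z listing are assumptions and constructed input.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: give a directory of guest
# images and a logical volume the virt_image_t label that SELinux in
# enforcing mode requires, and audit 'ls -Z' output for images that still
# carry another type. /virtimages and /dev/VolGroup00/guest1 are assumed
# names; substitute your own paths.

# Persistently label a directory (and everything under it) as
# virt_image_t, then apply the rule to the files already there.
label_image_dir() {
    semanage fcontext -a -t virt_image_t "$1(/.*)?"
    restorecon -R -v "$1"
}

# Label a logical volume used as a guest disk. chcon sets the label on
# the running system; the device node is recreated when the volume is
# activated at boot, so a semanage fcontext rule is what keeps it. The
# -f b form marks the pattern as a block device in current
# policycoreutils; older releases spell the option differently.
label_lvm_volume() {
    semanage fcontext -a -t virt_image_t -f b "$1"
    chcon -t virt_image_t "$1"
}

# Read 'ls -Z' output on stdin and print the name of every entry whose
# security context is not virt_image_t. Both the old five-column and the
# newer two-column ls -Z layouts put the context in the field containing
# ':object_r:' and the name last, so either works. Names containing
# spaces are not handled here.
find_mislabelled() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /:object_r:/) {
                if ($i !~ /:virt_image_t(:|$)/) print $NF
                break
            }
        }
    }'
}

# Constructed sample listing (not taken from a real host): the second
# image was copied in from a home directory and kept user_home_t, which
# is exactly the case in which SELinux refuses to load the guest.
SAMPLE_LS_Z='-rw-r--r-- root root system_u:object_r:virt_image_t:s0 rhel5-guest.img
-rw-r--r-- root root unconfined_u:object_r:user_home_t:s0 copied-from-home.img'

echo "images not labelled virt_image_t:"
printf '%s\n' "$SAMPLE_LS_Z" | find_mislabelled
```

Typical use is `label_image_dir /virtimages`, `label_lvm_volume /dev/VolGroup00/guest1`, and afterwards `ls -Z /virtimages | find_mislabelled` to confirm nothing was missed; an image that `restorecon` skipped because it was copied into the directory after labelling shows up here before the guest fails to start.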