[Qemu-discuss] Starting without '-kernel'; isolating VMs
From: Nikita Karetnikov
Subject: [Qemu-discuss] Starting without '-kernel'; isolating VMs
Date: Thu, 25 Jul 2013 14:29:15 +0400

I'd like to use multiple VMs to isolate various applications from each
other (see [1]).

I've never used QEMU, so I have a couple of questions:

1. I'm starting it like this (as suggested here [2]):

     $ qemu-system-i386 -kernel /tmp/vmlinuz -initrd /tmp/initrd.img \
         -hda test.img -append "root=/dev/sda"

   Is there a way to use the kernel from the image? If I omit
   everything except '-hda', it won't boot.

2. Some say that VMs are not designed with security in mind. So what
   should I do to make it harder to escape a VM? What are the best
   practices?

[1] http://wiki.lewman.is/blog/2012-11-23-a-week-with-qubes
[2] http://www.aurel32.net/info/debian_arm_qemu.php