Lines Matching refs:guest

23 use cases rely on hardware virtualization extensions to execute guest code
50 QEMU to provide guest isolation or any security guarantees.
61 Guest isolation is the confinement of guest code to the virtual machine.  When
62 guest code gains control of execution on the host this is called escaping the
67 QEMU presents an attack surface to the guest in the form of emulated devices.
68 The guest must not be able to gain control of QEMU.  Bugs in emulated devices
70 guest has escaped the virtual machine and is able to act in the context of the
74 malicious guest must not gain control of other guests or access their data.
83 each process only has access to resources belonging to the guest.
86 to the guest.  This way the guest does not gain anything by escaping into the
88 the guest.
90 Following the principle of least privilege immediately fulfills guest isolation
91 requirements.  For example, guest A only has access to its own disk image file
92 ``a.img`` and not guest B's disk image file ``b.img``.
94 In reality certain resources are inaccessible to the guest but must be
96 necessary for QEMU but are not exposed to guests.  A guest that escapes into
107 guest isolation and the principle of least privilege.  With the exception of
154 their content to the guest as a virtual disk.