Lines Matching full:are
26 The following entities are untrusted, meaning that they may be buggy or
35 Bugs affecting these entities are evaluated on whether they can cause damage in
48 Bugs affecting the non-virtualization use case are not considered security
56 requirements are met.
85 The QEMU process should not have access to any resources that are inaccessible
94 In reality certain resources are inaccessible to the guest but must be
95 available to QEMU to perform its function. For example, host system calls are
96 necessary for QEMU but are not exposed to guests. A guest that escapes into
101 clearly documented so users are aware of the trade-off of enabling the feature.
106 Several isolation mechanisms are available to realize this architecture of
108 Linux seccomp, these mechanisms are all deployed by management tools that
109 launch QEMU, such as libvirt. They are also platform-specific so they are only
123 process from accessing processes and files on the host system that are not
134 system calls that are not needed by QEMU, thereby reducing the host kernel
140 There are aspects of QEMU that can have security implications which users &