Confining Virtual Images using SELinux (svirt)

With increased use of virtualization, one security benefit of physically separated systems -- strong isolation -- is reduced, an issue which may be ameliorated with the application of Mandatory Access Control (MAC) security in the host system. Integration of MAC with virtualization helps increase the overall robustness and security assurance of both host and guest systems. Many threats arising from flaws in the VM environment, or misconfiguration, may be mitigated through tighter isolation and specific MAC policy enforcement. By incorporating MAC support into the virtualization toolchain and documentation, users will also be able to make more use of the MAC security capabilities provided by the OS.

Audience should be technical. Should understand security/virtualization concepts.