We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

KubeVirt: privilege dropping one capability at a time

Formal Metadata

Title
KubeVirt: privilege dropping one capability at a time
Title of Series
Number of Parts
637
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
KubeVirt's architecture is composed of two main components: virt-handler, a trusted DaemonSet, running in each node, which operates as the virtualization agent, and virt-launcher, an untrusted Kubernetes pod encapsulating a single libvirt + qemu process. To reduce the attack surface of the overall solution, the untrusted virt-launcher component should run with as little linux capabilities as possible. The goal of this talk is to explain the journey to get there, and the steps taken to drop CAP NET ADMIN, and CAP NET RAW from the untrusted component. This talk will encompass changes in KubeVirt and Libvirt, and requires some general prior information about networking (dhcp / L2 networking).