Security Hardening - Not run VMs as root?

Upstairs_Cycle384

Mar 30, 2025
VMware VCF 9.1 just implemented a feature called ULM as a defense-in-depth feature to reduce guest escapes from compromising the host. Their virtual machine monitor (i.e. qemu equivalent) runs with an extreme amount of stripped privileges.

https://techdocs.broadcom.com/us/en...lease-notes/what-s-new/whats-new-vsphere.html

Between Hyper-V, ESX, and other hypervisor platforms, Proxmox seems to be behind the curve here and is still running qemu as root. There's a bunch of recommendations here that the qemu developers document:

https://qemu-project.gitlab.io/qemu/system/security.html

With AI changing the velocity at which vulnerabilities are being discovered, is there a way to implement the principle of least privilege with the qemu process to reduce the attack surface? I'd like to start with preventing it from running as root, but any of the other "Isolation mechanisms" would also be nice.
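
As a baseline for the question above, this added example (not part of the original post and not Proxmox or QEMU project code) audits what privileges QEMU processes hold on a Linux host by reading `/proc/<pid>/status`: effective UID, effective capabilities, `no_new_privs`, and seccomp mode. The process names `kvm` and `qemu-system*` are assumptions about how the binary appears on the host, and the sample status text is constructed.

```python
import glob

# Constructed sample of /proc/<pid>/status for a root-run QEMU (not real host output).
SAMPLE_STATUS = (
    "Name:\tkvm\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapEff:\t000001ffffffffff\n"
    "NoNewPrivs:\t0\n"
    "Seccomp:\t0\n"
)


def audit_status(text):
    """Return least-privilege findings for one /proc/<pid>/status dump."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    findings = []
    if int(fields["Uid"][1]) == 0:  # order: real, effective, saved, filesystem
        findings.append("effective UID is 0 (root)")
    cap_eff = int(fields.get("CapEff", ["0"])[0], 16)
    if cap_eff:
        findings.append(f"effective capabilities set: {cap_eff:#x}")
    if fields.get("NoNewPrivs", ["0"])[0] != "1":
        findings.append("no_new_privs not set")
    if fields.get("Seccomp", ["0"])[0] == "0":  # 0 = disabled, 1 = strict, 2 = filter
        findings.append("seccomp disabled")
    return findings


def is_qemu(name):
    # Assumed process names; the kernel truncates comm to 15 characters.
    return name == "kvm" or name.startswith("qemu-system")


def audit_host():
    """Map PID -> findings for every live process that looks like QEMU."""
    report = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                text = fh.read()
        except OSError:
            continue  # process exited between listing and open
        name = text.split("\n", 1)[0].partition(":")[2].strip()
        if is_qemu(name):
            report[int(path.split("/")[2])] = audit_status(text)
    return report


if __name__ == "__main__":
    print(audit_host() or {"sample": audit_status(SAMPLE_STATUS)})
```

An empty findings list for a PID means that process runs as a non-root user with no effective capabilities, `no_new_privs` set, and a seccomp mode active.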