[ovirt-users] Ip spoofing

Sven Kieske S.Kieske at mittwald.de
Fri Jun 27 09:35:37 UTC 2014


Well I doubt this is a solution to this,
anyway, if you want to check if it's a permission error
due to not correctly configured selinux you
could do:

grep "avc" /var/log/auditd/auditd.log

and configure your selinux correctly, no need to disable it.

But I doubt that the "VM can spoof the ip address"

you can configure it, sure, but you should not be able
to access anything outside of the vm.

another way to set this up, is, to configure the filter
vdsm-no-mac-spoofing for each vm
and to configure your network to not allow any other ip-packages
from the given mac, and assign well known macs to each vm.
you can also add vlans and proper subnetting to the mix to make
it more secure.

Am 27.06.2014 11:16, schrieb Antoni Segura Puimedon:
> Did you try to disable SELinux with "setenforce 0" to see if the problem is
> one of secure contexts?

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen


More information about the Users mailing list