[Spice-devel] SPICE and guest breakout risk assessment

adrelanos adrelanos at riseup.net
Sun Dec 29 22:44:20 PST 2013


I am currently working on testing out KVM as a platform for Whonix, a
Debian-based spin with anonymity enforcement via usage of virtual
machines. All traffic from a workstation VM is forced through a Tor
gateway on the second gateway VM. Safeguarding against high level
attacks (0days and advanced persistent threats) is our top priority and
so right now we are hammering out the details of what virtual hardware
should be attached into the VMs.

In your opinion, is enabling SPICE and 2D acceleration via QXL+vdagent in
the guest a security risk to the host? Consider this question in a
scenario where the host is a Red Hat derivative that has SELinux and
seccomp enabled for QEMU. We want to find out whether this is a case of
security vs convenience.

Thanks for your time.
