Why disabling SELinux when hosting VMs is a bad idea

Updated -

When hosting virtual machines (VMs) on RHEL, the hypervisor connects the VMs with the host. An attacker could use this connection to attack the host from a VM, and then use the host to attack the other VMs running on that host.

This is called a virtual machine escape, or a hypervisor escape. Having SELinux in Enforcing mode on the host can prevent hypervi...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content