Product SiteDocumentation Site

3.6. Security

A virtual machine uses SELinux and sVirt to improve security in virtualization. This section includes an overview of the security options available.

3.6.1. Virtualization security features

SELinux was developed by the US National Security Agency and others to provide Mandatory Access Control (MAC) for Linux. Under control of SELinux, all processes and files are given what is known as a type, and access is limited by fine-grained controls. SELinux limits the abilities of an attacker and works to prevent many common security exploits such as buffer overflow attacks and privilege escalation.
SELinux strengthens the security model of Fedora hosts and virtualized Fedora guests. SELinux is configured and tested to work, by default, with all virtualization tools shipped with Fedora.
sVirt is a technology included in Fedora that integrates SELinux and virtualization. It applies Mandatory Access Control (MAC) to improve security when using virtual machines, and improves security and hardens the system against bugs in the hypervisor that might be used as an attack vector for the host or to another virtual machine.


For more information on security in Fedora, refer to the Fedora Security Guide. To find more information on security for virtualization, refer to the Fedora Virtualization Security Guide.