From 575249b08f1a84dc61fd218aeb80a765345d02cf Mon Sep 17 00:00:00 2001 From: Shellee Arnold Date: Mon, 1 Sep 2014 18:01:43 -0700 Subject: [PATCH] Sentence rewording CH. 41 - Hardening the Virtualization Layers Implemented corrections offered in bug report from N Dillon. Closes-Bug: #1342438 Change-Id: Iedc68c98f46b5d816e8f3f561a7e9c12b1ea1473 Co-Authored-By: Nathaniel Dillon --- ...ection_hardening-the-virtualization-layers.xml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/security-guide/section_hardening-the-virtualization-layers.xml b/security-guide/section_hardening-the-virtualization-layers.xml index d33e4128..1d95119f 100644 --- a/security-guide/section_hardening-the-virtualization-layers.xml +++ b/security-guide/section_hardening-the-virtualization-layers.xml @@ -123,13 +123,14 @@
Minimizing the QEMU code base - One classic security principle is to remove any unused - components from your system. QEMU provides support for many - different virtual hardware devices. However, only a small - number of devices are needed for a given instance. Most - instances will use the virtio devices. However, some legacy - instances will need access to specific hardware, which can - be specified using glance metadata: + The first recommendation is to minimize the QEMU code base + by removing unused components from the system. QEMU provides + support for many different virtual hardware devices, however + only a small number of devices are needed for a given + instance. The most common hardware devices are the virtio + devices. Some legacy instances will need access to specific + hardware, which can be specified using glance metadata: + $ glance image-update \ --property hw_disk_bus=ide \ --property hw_cdrom_bus=ide \