This paper provides guidance for hardening a z/VM system running Linux virtual machines in a hostile environment. Access to specific CP commands and resources is granted to a VM user based on the privilege classes assigned to the user. Good security practices dictate that a VM user should be granted as low a privilege class as possible. Linux virtual machines typically run in the lowest default CP privilege (class G). z/VM allows a system administrator to create a user defined privilege class, and to add specific CP commands to that privilege class. In this redpaper, we identify the CP commands and diagnose codes required to run Linux in a virtual machine. We then discuss a procedure to create a user defined privilege class, which has access only to those commands and diagnose codes required to run Linux guests. This privilege class has access to fewer commands and diagnose codes than the default G class.

Introduction

Interaction with CP

Communication between virtual machines

Additonal z/VM resources

An alternative approach

Sample MODIFY statements for the default z/VM 4.4 installation