VM can access to the whole file system through webdav
Hello,
i think this is a security issue, when i shared a folder (/home/user/Desktop/) to a virtual machine, using Remote viewer (virt-manager)
On the virtual machine i have access to all files on the web browser : using this URL for example :
So i have access to passwd file for example with this url http://localhost:9843//etc/passwd
i am using Debian 11 on the host machine ( spice-gtk 0.39-1, libspice-server 0.14.3-2.1 )
On the VM i am using, Lubuntu 22, spice-webdavd 2.5-1
Is this a known issue ? Will this be fixed ?
To me this is a huge issue because my VM users can access my host files ...
Thanks you
Edited by James Pouter