Recent developments in Xen and Linux now provide an environment in which it is possible to effectively limit the privilege of QEMU running as a device emulator in a privileged domain. This talk will discuss how dm (device model) op hypercall, file handle restriction in privcmd, libxentoolcore and the acquire_resources new memory op all contribute to the security of a system using QEMU as device emulator for untrusted guests