If someone has root access to Linux under VM, is VM's security compromised?

An instance of Linux running under z/VM maintains its own security just as it would if it were running on a distributed system. As far as z/VM is concerned, however, this entire virtual machine is owned by an ordinary Class G user account unless the VM system administrator chooses to grant it higher privileges.

Having root access to the Linux instance, therefore, does not imply OPERATOR or other privileged access to the underlying VM system. On the other hand, a compromised Linux instance can be used as a staging area for attacks on other hosts (or virtual hosts) just as if a distributed system had been compromised on the same LAN.

The ability to use VM administrative commands to take a compromised Linux instance offline, replace it with a known-clean backup copy, and then safely run the compromised instance in an isolated virtual environment, offers much potential for forensic analysis and for business continuity after an intrusion.