For multiple virtual machines to share a subsystem which enforces some kind of security, they must also share a security domain. In particular, for a shared filesystem, the virtual machines must also share user ids and group ids. Since users of virtual machines will commonly have root access, a set of UMLs that share a read-write filesystem must be mutually trusting. Otherwise, a root user in one machine could destroy data in the shared filesystem that was written by one of the other virtual machines.