qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Re: [libvirt] Libvirt debug API


From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: [libvirt] Libvirt debug API
Date: Mon, 26 Apr 2010 09:19:53 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Lightning/1.0pre Thunderbird/3.0

On 04/26/2010 09:01 AM, Avi Kivity wrote:
On 04/26/2010 04:43 PM, Anthony Liguori wrote:
The reason I lean toward the direct launch model is that it gives the user a lot of flexibility in terms of using things like namespaces, DAC, cgroups, capabilities, etc. A lot of potential features are lost when you do indirect launch because you have to teach the daemon how to support each of these features.

But what's the alternative?  Teach the user how to do all these things?

You can expose layers of API. The lowest layer makes no changes to the security context. A higher (optional) layer could do dynamic labelling.

It's infinitely flexible, but it's not an API you can give to a management tool developer.

I think the goal of a management API should be to make common things very simple to do but not preclude doing even the most advanced things.

Regards,

Anthony Liguori





reply via email to

[Prev in Thread] Current Thread [Next in Thread]