qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Re: [libvirt] Libvirt debug API


From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: [libvirt] Libvirt debug API
Date: Mon, 26 Apr 2010 09:48:37 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Lightning/1.0pre Thunderbird/3.0

On 04/26/2010 09:38 AM, Avi Kivity wrote:
On 04/26/2010 05:28 PM, Anthony Liguori wrote:
Or a library that the user-written launcher calls. Or a plugin that qemud calls.


A plugin would lose the security context. It could attempt to recreate it that seems like a lot of unnecessary complexity.


A plugin would create the security context instead of the launcher.

Currently security contexts are created by the login process.

It's not always that centralized. An initial context is created by the login process, but then later something may come along and create a network namespace as part of containerization.

We could easily reuse that. Any other security context code would be custom written; so it can be written as a qemud plugin instead of a bit of code that goes before a qemu launch.

I think we're mostly in agreement with respect to the need to have more control over the security context the qemu runs in. Whether it's launched via a daemon or directly I think is an implementation detail that we can debate when we get closer to an actual implementation.

Regards,

Anthony Liguori





reply via email to

[Prev in Thread] Current Thread [Next in Thread]