[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH V12 00/15] virtio-9p: chroot environment for pas

From: M. Mohan Kumar
Subject: Re: [Qemu-devel] [PATCH V12 00/15] virtio-9p: chroot environment for passthrough security model
Date: Mon, 12 Sep 2011 19:45:04 +0530
User-agent: KMail/1.13.7 (Linux/2.6.40-4.fc15.x86_64; KDE/4.6.5; x86_64; ; )

On Tuesday, September 06, 2011 08:18:22 PM Stefan Hajnoczi wrote:
> A virtfs feature that needs root therefore needs to be in a separate
> process.  Either QEMU needs to fork or virtfs could use a separate
> daemon binary.
> You have already implemented the fork approach in the chroot patches.
> Handle-based open could work in the same way.
> To summarize this architecture: all path-related operations are
> performed by a separate privileged process.  File descriptors are passed
> to QEMU over a UNIX domain socket.  This way QEMU can do the actual
> read(2)/write(2) calls directly to/from guest memory.
> I think it would be nice to build a completely separate binary that QEMU
> connects to.  The separate binary would have a much smaller footprint
> (doesn't include QEMU code).  More importantly the
> privileged/unprivileged boundary would be simple and could be
> automatically set up by libvirt:
Hi Stefan,

Thanks for your inputs. Sorry for the delayed reply.

> $ sudo namespace_helper --sock /var/run/virtfs/1234.sock --export my_dir/
> $ qemu -fsdev local,id=my_fs,namespace_helper=/var/run/virtfs/1234.sock \
>        -device virtio-9p-pci,fsdev=my_fs

We already isolated all path related operations in a privileged process. 
Should we add this complexity? If we take this approach, for handle based 
filesystem driver, we need to ship another binary. Won't it be an usability 
issue for people who use qemu directly?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]