From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: "Marc-André Lureau" <marcandre.lureau@gmail.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
Juan Quintela <quintela@redhat.com>,
Michal Privoznik <mprivozn@redhat.com>,
QEMU <qemu-devel@nongnu.org>,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v3 5/6] docs: start a document to describe D-Bus usage
Date: Tue, 17 Sep 2019 09:12:03 +0100 [thread overview]
Message-ID: <20190917081203.GA3370@work-vm> (raw)
In-Reply-To: <CAJ+F1C+mbPHHO_Oet-CxUsfAxTrLvezvcV=+0KG+Rv2za=-arg@mail.gmail.com>
* Marc-André Lureau (marcandre.lureau@gmail.com) wrote:
> Hi
>
> On Mon, Sep 16, 2019 at 5:15 PM Dr. David Alan Gilbert
> <dgilbert@redhat.com> wrote:
> >
> > * Marc-André Lureau (marcandre.lureau@gmail.com) wrote:
> > > Hi
> > >
> > > On Mon, Sep 16, 2019 at 2:02 PM Dr. David Alan Gilbert
> > > <dgilbert@redhat.com> wrote:
> > > >
> > > > (Copying in Stefan since he was looking at DBus for virtiofs)
> > > >
> > > > * Marc-André Lureau (marcandre.lureau@redhat.com) wrote:
> > > > > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
<snip>
> > > Do you have a specific question we can answer or guide for qemu? Is
> > > there something we have to document or implement?
> > >
> > > Since qemu is not managing the extra processes or applying policies, I
> > > don't know what else could be done. From qemu pov, it can rely on
> > > management layer to trust the bus and the helpers, similar to trusting
> > > the system in general.
> >
> > Well pretty much the same questions I asked in the discussion on v2;
> > what is the supported configuration to ensure that one helper that's
> > been compromised can't attack the others and qemu?
>
> I thought I gave the answer to that question above. What is missing? I
> don't think one can generalize it here, it will be a case by case for
> each helper, how they interact with each other and qemu.
I think we need an example of how to lock it down; i.e. to allow a
helper to provide migration data but not to be able to speak to other
helpers.
Dave
> >
> > Dave
> >
> > > > Dave
> > > >
> > > > > +Guidelines
> > > > > +==========
> > > > > +
> > > > > +When implementing new D-Bus interfaces, it is recommended to follow
> > > > > +the "D-Bus API Design Guidelines":
> > > > > +https://dbus.freedesktop.org/doc/dbus-api-design.html
> > > > > +
> > > > > +The "org.qemu*" prefix is reserved for the QEMU project.
> > > > > diff --git a/docs/interop/index.rst b/docs/interop/index.rst
> > > > > index b4bfcab417..fa4478ce2e 100644
> > > > > --- a/docs/interop/index.rst
> > > > > +++ b/docs/interop/index.rst
> > > > > @@ -13,6 +13,7 @@ Contents:
> > > > > :maxdepth: 2
> > > > >
> > > > > bitmaps
> > > > > + dbus
> > > > > live-block-operations
> > > > > pr-helper
> > > > > vhost-user
> > > > > --
> > > > > 2.23.0
> > > > >
> > > > --
> > > > Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
> > > >
> > >
> > >
> > > --
> > > Marc-André Lureau
> > --
> > Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
>
>
>
> --
> Marc-André Lureau
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2019-09-17 8:12 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-12 12:25 [Qemu-devel] [PATCH v3 0/6] Add dbus-vmstate Marc-André Lureau
2019-09-12 12:25 ` [Qemu-devel] [PATCH v3 1/6] migration: fix vmdesc leak on vmstate_save() error Marc-André Lureau
2019-09-13 13:29 ` Dr. David Alan Gilbert
2019-09-17 12:31 ` Daniel P. Berrangé
2019-09-25 9:49 ` Dr. David Alan Gilbert
2019-09-12 12:25 ` [Qemu-devel] [PATCH v3 2/6] vmstate: add qom interface to get id Marc-André Lureau
2019-09-16 9:54 ` Dr. David Alan Gilbert
2019-09-17 12:33 ` Daniel P. Berrangé
2019-09-12 12:25 ` [Qemu-devel] [PATCH v3 3/6] vmstate: replace DeviceState with VMStateIf Marc-André Lureau
2019-09-12 16:18 ` Halil Pasic
2019-09-13 7:12 ` Marc-André Lureau
2019-09-16 9:06 ` Dr. David Alan Gilbert
2019-09-17 12:35 ` Daniel P. Berrangé
2019-09-12 12:25 ` [Qemu-devel] [PATCH v3 4/6] tests: add qtest_expect_exit_status() Marc-André Lureau
2019-09-13 13:33 ` Dr. David Alan Gilbert
2019-09-17 12:36 ` Daniel P. Berrangé
2019-09-12 12:25 ` [Qemu-devel] [PATCH v3 5/6] docs: start a document to describe D-Bus usage Marc-André Lureau
2019-09-16 10:00 ` Dr. David Alan Gilbert
2019-09-16 10:57 ` Marc-André Lureau
2019-09-16 13:15 ` Dr. David Alan Gilbert
2019-09-16 19:13 ` Marc-André Lureau
2019-09-17 8:12 ` Dr. David Alan Gilbert [this message]
2019-09-17 8:23 ` Marc-André Lureau
2019-09-17 12:47 ` Daniel P. Berrangé
2019-09-17 13:03 ` Dr. David Alan Gilbert
2019-09-19 9:23 ` Stefan Hajnoczi
2019-09-17 13:07 ` Daniel P. Berrangé
2019-09-12 12:25 ` [Qemu-devel] [PATCH v3 6/6] Add dbus-vmstate object Marc-André Lureau
2019-09-12 14:29 ` Eric Blake
2019-09-16 10:43 ` Dr. David Alan Gilbert
2019-09-17 13:21 ` Daniel P. Berrangé
2019-09-12 13:50 ` [Qemu-devel] [PATCH v3 0/6] Add dbus-vmstate no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190917081203.GA3370@work-vm \
--to=dgilbert@redhat.com \
--cc=berrange@redhat.com \
--cc=marcandre.lureau@gmail.com \
--cc=mprivozn@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.