From: Avi Kivity <avi@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: "libvir-list@redhat.com" <libvir-list@redhat.com>,
Paul Brook <paul@codesourcery.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Re: [libvirt] Supporting hypervisor specific APIs in libvirt
Date: Wed, 24 Mar 2010 14:29:49 +0200
Message-ID: <4BAA05BD.1040708@redhat.com>
In-Reply-To: <4BAA0425.2030206@codemonkey.ws>

On 03/24/2010 02:23 PM, Anthony Liguori wrote:
> On 03/24/2010 05:42 AM, Avi Kivity wrote:
>>
>>> The filtering access part of this daemon is also not mapping well onto
>>> libvirt's access model, because we don't solely filter based on UID in
>>> libvirtd. We have it configurable based on UID, policykit, SASL,
>>> TLS/x509
>>> already, and intend adding role based access control to further filter
>>> things, integrating with the existing apparmor/selinux security
>>> models.
>>> A qemud that filters based on UID only, gives users a side-channel
>>> to get
>>> around libvirt's access control.
>>
>> That's true. Any time you write a multiplexer these issues crop up.
>> Much better to stay in single process land where everything is
>> already taken care of.
>
> What does a multiplexer give you that making individual qemu instances
> discoverable doesn't give you? The latter doesn't suffer from these
> problems.
>
You don't get a directory filled with a zillion socket files pointing at
dead guests. Agree that's a poor return on investment.

Maybe we want an O_UNLINK_ON_CLOSE for unix domain sockets - but no,
that's not implementable.
--
error compiling committee.c: too many arguments to function
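
Added example, not part of the original message and not QEMU or libvirt code: the failure mode raised in the reply above, a directory of per-guest socket files whose owners have died, can be handled by probing each file with connect() and treating ECONNREFUSED as proof that nobody is listening. The directory layout and file names here are constructed for the demo.

```python
import os
import socket
import stat
import tempfile


def probe_socket(path, timeout=0.5):
    """Classify path as 'live', 'stale', 'not-socket' or 'unknown'."""
    try:
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            return "not-socket"
    except FileNotFoundError:
        return "not-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return "live"
    except ConnectionRefusedError:
        return "stale"      # nobody listening: the file outlived its owner
    except OSError:
        return "unknown"    # EACCES, timeout, ...: cannot tell, never delete
    finally:
        s.close()


def sweep(directory, remove=False):
    """Return {name: state}; unlink only entries proven stale."""
    states = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        states[name] = probe_socket(path)
        if remove and states[name] == "stale":
            os.unlink(path)
    return states


def demo():
    """Constructed scenario: one running guest, one dead one, one plain file."""
    with tempfile.TemporaryDirectory() as d:
        live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        live.bind(os.path.join(d, "guest-live.sock"))
        live.listen(1)
        dead = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        dead.bind(os.path.join(d, "guest-dead.sock"))
        dead.close()  # the socket file stays behind
        open(os.path.join(d, "notes.txt"), "w").close()
        before = sweep(d, remove=True)
        live.close()
        return before, sorted(os.listdir(d))
```

A process that has called bind() but not yet listen() also refuses connections, so a sweeper like this should only run where it cannot race with a guest that is starting up.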