From: Anthony Liguori <anthony@codemonkey.ws>
To: Avi Kivity <avi@redhat.com>
Cc: "libvir-list@redhat.com" <libvir-list@redhat.com>,
qemu-devel <qemu-devel@nongnu.org>,
Luiz Capitulino <lcapitulino@redhat.com>,
Chris Lalancette <clalance@redhat.com>,
Jiri Denemark <jdenemar@redhat.com>
Subject: Re: [Qemu-devel] Re: [libvirt] Libvirt debug API
Date: Mon, 26 Apr 2010 09:28:02 -0500 [thread overview]
Message-ID: <4BD5A2F2.7070805@codemonkey.ws> (raw)
In-Reply-To: <4BD5A263.3070908@redhat.com>
On 04/26/2010 09:25 AM, Avi Kivity wrote:
> On 04/26/2010 05:19 PM, Anthony Liguori wrote:
>> On 04/26/2010 09:01 AM, Avi Kivity wrote:
>>> On 04/26/2010 04:43 PM, Anthony Liguori wrote:
>>>> The reason I lean toward the direct launch model is that it gives
>>>> the user a lot of flexibility in terms of using things like
>>>> namespaces, DAC, cgroups, capabilities, etc. A lot of potential
>>>> features are lost when you do indirect launch because you have to
>>>> teach the daemon how to support each of these features.
>>>
>>> But what's the alternative? Teach the user how to do all these things?
>>
>> You can expose layers of API. The lowest layer makes no changes to
>> the security context. A higher (optional) layer could do dynamic
>> labelling.
>
> Or a library that the user-written launcher calls. Or a plugin that
> qemud calls.
A plugin would lose the security context. It could attempt to recreate
it that seems like a lot of unnecessary complexity.
Regards,
Anthony Liguori
next prev parent reply other threads:[~2010-04-26 14:28 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-09 13:41 [Qemu-devel] Libvirt debug API Chris Lalancette
2010-04-09 14:27 ` [Qemu-devel] Re: [libvirt] " Daniel P. Berrange
2010-04-09 18:16 ` Chris Lalancette
2010-04-12 12:41 ` Daniel P. Berrange
2010-04-12 13:56 ` Chris Lalancette
2010-04-12 14:18 ` Daniel P. Berrange
2010-04-09 21:06 ` Jamie Lokier
2010-04-09 21:30 ` [libvirt] [Qemu-devel] " Eric Blake
2010-04-10 12:05 ` Paolo Bonzini
2010-04-11 20:28 ` [Qemu-devel] Re: [libvirt] " Richard W.M. Jones
2010-04-11 22:17 ` Jamie Lokier
[not found] ` <20100412085621.GN26162@redhat.com>
2010-04-12 12:23 ` [libvirt] [Qemu-devel] " Jamie Lokier
2010-04-12 13:05 ` Daniel P. Berrange
2010-04-22 18:47 ` Anthony Liguori
2010-04-23 6:36 ` Jes Sorensen
2010-04-23 10:30 ` Daniel P. Berrange
2010-04-12 12:53 ` [Qemu-devel] Re: [libvirt] " Daniel P. Berrange
2010-04-12 15:20 ` Luiz Capitulino
2010-04-22 18:49 ` Anthony Liguori
2010-04-23 12:48 ` Avi Kivity
2010-04-23 13:48 ` Anthony Liguori
2010-04-23 14:24 ` Avi Kivity
2010-04-23 14:36 ` [libvirt] [Qemu-devel] " Daniel P. Berrange
2010-04-26 12:54 ` Jamie Lokier
2010-04-26 14:25 ` Chris Lalancette
2010-04-26 14:34 ` Avi Kivity
2010-04-26 14:54 ` Daniel P. Berrange
2010-04-26 15:08 ` Anthony Liguori
2010-04-26 15:20 ` Daniel P. Berrange
2010-04-26 15:55 ` Anthony Liguori
2010-04-23 18:29 ` [Qemu-devel] Re: [libvirt] " Anthony Liguori
2010-04-24 9:46 ` Avi Kivity
2010-04-25 3:39 ` Anthony Liguori
2010-04-25 11:51 ` Avi Kivity
2010-04-26 1:53 ` Anthony Liguori
2010-04-26 5:56 ` Avi Kivity
2010-04-26 9:56 ` [libvirt] [Qemu-devel] " Matthias Bolte
2010-04-26 13:14 ` [Qemu-devel] Re: [libvirt] " Anthony Liguori
2010-04-26 13:41 ` Avi Kivity
2010-04-26 13:46 ` Anthony Liguori
2010-04-26 13:53 ` Avi Kivity
2010-04-26 13:58 ` Daniel P. Berrange
2010-04-26 14:26 ` Anthony Liguori
2010-04-26 14:32 ` Daniel P. Berrange
2010-04-26 9:59 ` Daniel P. Berrange
2010-04-26 13:13 ` Anthony Liguori
2010-04-26 13:31 ` Daniel P. Berrange
2010-04-26 13:43 ` Anthony Liguori
2010-04-26 14:01 ` Avi Kivity
2010-04-26 14:19 ` Anthony Liguori
2010-04-26 14:25 ` Avi Kivity
2010-04-26 14:28 ` Anthony Liguori [this message]
2010-04-26 14:38 ` Avi Kivity
2010-04-26 14:48 ` Anthony Liguori
2010-04-26 14:51 ` Avi Kivity
2010-04-23 14:34 ` Daniel P. Berrange
2010-04-23 15:43 ` Markus Armbruster
2010-04-22 18:45 ` Anthony Liguori
2010-04-22 19:10 ` Anthony Liguori
2010-04-23 10:28 ` Daniel P. Berrange
2010-04-23 13:40 ` Anthony Liguori
2010-04-23 14:21 ` Daniel P. Berrange
2010-04-23 18:33 ` Anthony Liguori
2010-04-25 14:50 ` Avi Kivity
2010-04-26 13:14 ` Anthony Liguori
2010-04-09 20:07 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BD5A2F2.7070805@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=avi@redhat.com \
--cc=clalance@redhat.com \
--cc=jdenemar@redhat.com \
--cc=lcapitulino@redhat.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.