Message-ID: <528F8B6D.3060008@redhat.com>
Date: Fri, 22 Nov 2013 17:50:53 +0100
From: Paolo Bonzini
In-Reply-To: <20131116103245.GC9975@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
To: "Daniel P. Berrange"
Cc: quintela@redhat.com, chegu_vinod@hp.com, qemu-devel@nongnu.org, "Michael R. Hines", owasserm@redhat.com, onom@us.ibm.com, abali@us.ibm.com, mrhines@us.ibm.com, gokul@us.ibm.com

On 16/11/2013 11:32, Daniel P. Berrange wrote:
> There's also an SELinux question to deal with there. If multiple QEMUs
> need concurrent access we can't do a selective grant of the device just
> when migration is running - we would have to give all QEMUs access
> all the time. This would be a case where doing FD passing of the
> pre-opened devices might be a better option. It depends on what the
> downsides are to giving QEMU access to the devices unconditionally.

I think unconditional SELinux access + conditional cgroups access would
work best here.

How did Gluster deal with the same problem (for the gluster+rdma:// URI
scheme)? I guess no one bothered to mention it when the Gluster patches
were committed, but it should be the same.

It would also be the same for userspace iSCSI if libiscsi were to grow
support for iSER (iSCSI extensions for RDMA).

Paolo