From: Patrick Ohly <patrick.ohly@intel.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, Amarnath Valluri <amarnath.valluri@intel.com>
Subject: Re: [Qemu-devel] RFC: connecting chardev to a command forked by qemu
Date: Tue, 07 Nov 2017 10:38:08 +0100 [thread overview]
Message-ID: <1510047488.22094.17.camel@intel.com> (raw)
In-Reply-To: <20171107092322.GE14232@redhat.com>
On Tue, 2017-11-07 at 09:23 +0000, Daniel P. Berrange wrote:
> On Mon, Nov 06, 2017 at 10:02:05PM +0100, Patrick Ohly wrote:
> > On Mon, 2017-11-06 at 17:26 +0000, Daniel P. Berrange wrote:
> > > I can see the argument about it making QEMU easier to use, and
> > > those
> > > who care about security aren't forced to use this new feature. It
> > > none the less has a cost on maintainers and existance of these
> > > features does reflect on QEMU's security reputation even if many
> > > don't use it.
> >
> > With Yocto we really don't have much choice: we need a patch like
> > this
> > because the alternative (introducing support for spawning and
> > stopping
> > swtpm and then passing the right parameters to QEMU) is way more
> > complex. So if this patch isn't acceptable to QEMU upstream, then I
> > will keep it as simple as possible and propose it as a local patch
> > in
> > Yocto.
>
> I don't really buy this argument. Any distro's core job is the
> ability to start/stop/manage processes. Saying yocto is unable to
> manage runing of swtpm is really dubious - it is simply a choice to
> declare that it is QEMU's job.
Yocto isn't really a distro. It's mostly a build system and meta data
that can be used to build custom distros.
The use of qemu+swtpm is during testing on whatever distro the
developer has chosen for his build machine. Yocto could build libvirt
for that host to manage QEMU, but given the choice between that or
enhancing the Yocto QEMU support code and patching QEMU, patching IMHO
is the easier and cleaner solution - for Yocto, at least.
I'll proceed with proposing the patch as a Yocto-specific modification
for QEMU.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
prev parent reply other threads:[~2017-11-07 9:38 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-06 17:11 [Qemu-devel] RFC: connecting chardev to a command forked by qemu Patrick Ohly
2017-11-06 17:26 ` Daniel P. Berrange
2017-11-06 21:02 ` Patrick Ohly
2017-11-07 9:23 ` Daniel P. Berrange
2017-11-07 9:38 ` Patrick Ohly [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1510047488.22094.17.camel@intel.com \
--to=patrick.ohly@intel.com \
--cc=amarnath.valluri@intel.com \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).