From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KXCNM-0004Or-Ft
	for qemu-devel@nongnu.org; Sun, 24 Aug 2008 05:59:12 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KXCNK-0004No-GH
	for qemu-devel@nongnu.org; Sun, 24 Aug 2008 05:59:11 -0400
Received: from [199.232.76.173] (port=60445 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KXCNI-0004Na-I8
	for qemu-devel@nongnu.org; Sun, 24 Aug 2008 05:59:09 -0400
Received: from mail2.shareable.org ([80.68.89.115]:38590)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <jamie@shareable.org>) id 1KXCNI-00089v-8s
	for qemu-devel@nongnu.org; Sun, 24 Aug 2008 05:59:08 -0400
Date: Sun, 24 Aug 2008 10:59:03 +0100
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: [Xen-devel] Re: [Qemu-devel] [PATCH 12/13] set vnc password from
	xenstore.
Message-ID: <20080824095903.GA24946@shareable.org>
References: <1219336054-15919-1-git-send-email-kraxel@redhat.com>
	<1219336054-15919-13-git-send-email-kraxel@redhat.com>
	<48ADCCA2.8050201@codemonkey.ws> <20080821201955.GG1531@redhat.com>
	<48ADCE91.2070602@codemonkey.ws> <48B12280.9010202@qumranet.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <48B12280.9010202@qumranet.com>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: xen-devel@lists.xensource.com, Gerd Hoffmann <kraxel@redhat.com>

Avi Kivity wrote:
> Anthony Liguori wrote:
> >>  -vnc localhost:3,passwdfd=6
> >
> >In general, I strongly dislike passing file descriptors like this.
> 
> I find this very useful, and actually think we should encourage it, and 
> also allow passing file descriptors over the monitor (using 
> SCM_RIGHTS).  This can help de-privilege qemu.  In fact, you can run a 
> guest where qemu doesn't even have permissions to open the backing file.

You can already do this:

    qemu -hdc /proc/self/fd/3 3<>MS-DOS-6.22.img

-- Jamie