From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LYfB2-0007bk-T6
	for qemu-devel@nongnu.org; Sun, 15 Feb 2009 06:28:48 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LYfAz-0007b4-IX
	for qemu-devel@nongnu.org; Sun, 15 Feb 2009 06:28:46 -0500
Received: from [199.232.76.173] (port=42794 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LYfAz-0007ax-07
	for qemu-devel@nongnu.org; Sun, 15 Feb 2009 06:28:45 -0500
Received: from mx1.redhat.com ([66.187.233.31]:39577)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <berrange@redhat.com>) id 1LYfAt-0000ld-MK
	for qemu-devel@nongnu.org; Sun, 15 Feb 2009 06:28:44 -0500
Date: Sun, 15 Feb 2009 11:28:36 +0000
From: "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: [Qemu-devel] PATCH: 7/7: Add external persistent ACL file
Message-ID: <20090215112836.GC4795@redhat.com>
References: <20090212145302.GO9894@redhat.com>
	<20090212150449.GW9894@redhat.com> <499742B9.5060201@codemonkey.ws>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <499742B9.5060201@codemonkey.ws>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org

On Sat, Feb 14, 2009 at 04:16:25PM -0600, Anthony Liguori wrote:
> 
> I feel really uncomfortable with this especially since Markus is now 
> working on configuration file support.  It seems to me that we'll want 
> to store any ACL information in the host configuration file.
> 
> Unless there's a really strong case that you always want ACLs to be 
> stored in a separate file, I'd rather wait to see how the host 
> configuration file stuff turns out before applying this.

I rather wanted the ACL configuration to be separate from the 
general emulator configuration. This file format was intended to
allow you to have one ACL file that is used across all your QEMU
instances, regardless of what emulator configuration file they
might be using.

Though, perhaps if the general config file allowed '#include acl.cfg'
that would be sufficient flexibilty, allowing a shared ACL for all
configs.

> I assume that libvirt will use the monitor interface anyway so 
> presumably, it's not a huge problem to wait on this?

I'm not really decided on what the best way to approach things is from
the libvirt POV. We could certainly use the monitor interface to set it
up - just have to decide how/where to persist it.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|