From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NuPmh-0008Q6-BQ
	for qemu-devel@nongnu.org; Wed, 24 Mar 2010 08:34:07 -0400
Received: from [140.186.70.92] (port=56606 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NuPmW-0006pH-Vm
	for qemu-devel@nongnu.org; Wed, 24 Mar 2010 08:34:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1NuPlN-0005lb-7U
	for qemu-devel@nongnu.org; Wed, 24 Mar 2010 08:32:46 -0400
Received: from mx1.redhat.com ([209.132.183.28]:25379)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1NuPlM-0005lW-Sp
	for qemu-devel@nongnu.org; Wed, 24 Mar 2010 08:32:45 -0400
Message-ID: <4BAA0662.4080302@redhat.com>
Date: Wed, 24 Mar 2010 14:32:34 +0200
From: Avi Kivity <avi@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] Re: [libvirt] Supporting hypervisor specific APIs
	in libvirt
References: <4BA7C40C.2040505@codemonkey.ws>	<20100323145105.GV16253@redhat.com>	<4BA8D8A9.7090308@codemonkey.ws>	<201003231557.19474.paul@codesourcery.com>
	<4BA8E6FC.9080207@codemonkey.ws> <4BA901B5.3020704@redhat.com>
	<4BA9A066.3070904@redhat.com> <4BAA036D.3010707@codemonkey.ws>
	<4BAA0544.1060308@redhat.com> <4BAA05F7.7000507@codemonkey.ws>
In-Reply-To: <4BAA05F7.7000507@codemonkey.ws>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: "libvir-list@redhat.com" <libvir-list@redhat.com>, Paul Brook <paul@codesourcery.com>, qemu-devel@nongnu.org

On 03/24/2010 02:30 PM, Anthony Liguori wrote:
> On 03/24/2010 07:27 AM, Avi Kivity wrote:
>> On 03/24/2010 02:19 PM, Anthony Liguori wrote:
>>>> qemud
>>>>   - daemonaizes itself
>>>>   - listens on /var/lib/qemud/guests for incoming guest connections
>>>>   - listens on /var/lib/qemud/clients for incoming client connections
>>>>   - filters access according to uid (SCM_CREDENTIALS)
>>>>   - can pass a new monitor to client (SCM_RIGHTS)
>>>>   - supports 'list' command to query running guests
>>>>   - async messages on guest startup/exit
>>>
>>>
>>> Then guests run with the wrong security context.
>>
>> Why?  They run with the security context of whoever launched them 
>> (could be libvirtd).
>
> Because it doesn't have the same security context as qemud and since 
> clients have to connect to qemud, qemud has to implement access control.

Yeah.

> It's far better to have the qemu instance advertise itself such that 
> and client connects directly to it.  Then all of the various 
> authorization models will be applied correctly to it.

Agreed.  qemud->exit().

-- 
error compiling committee.c: too many arguments to function