From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1O6PFv-0005zz-MI
	for qemu-devel@nongnu.org; Mon, 26 Apr 2010 10:25:51 -0400
Received: from [140.186.70.92] (port=50539 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1O6PFt-0005zG-Ny
	for qemu-devel@nongnu.org; Mon, 26 Apr 2010 10:25:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1O6PFn-0001Lq-7u
	for qemu-devel@nongnu.org; Mon, 26 Apr 2010 10:25:49 -0400
Received: from mx1.redhat.com ([209.132.183.28]:32521)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1O6PFn-0001Le-09
	for qemu-devel@nongnu.org; Mon, 26 Apr 2010 10:25:43 -0400
Message-ID: <4BD5A263.3070908@redhat.com>
Date: Mon, 26 Apr 2010 17:25:39 +0300
From: Avi Kivity <avi@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] Re: [libvirt] Libvirt debug API
References: <4BD1971B.7060907@redhat.com>
	<4BD1A543.1050004@codemonkey.ws>	<4BD1ADA2.2050605@redhat.com>
	<4BD1E723.6070005@codemonkey.ws>	<4BD2BDE0.7020907@redhat.com>
	<4BD3B965.3060205@codemonkey.ws>	<4BD42CDB.2030901@redhat.com>
	<4BD4F20D.8030901@codemonkey.ws>	<20100426095949.GA1342@redhat.com>
	<4BD5915F.3060405@codemonkey.ws>	<20100426133120.GD1342@redhat.com>
	<4BD59874.2000207@codemonkey.ws> <4BD59C9E.2000506@redhat.com>
	<4BD5A109.9060004@codemonkey.ws>
In-Reply-To: <4BD5A109.9060004@codemonkey.ws>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: "libvir-list@redhat.com" <libvir-list@redhat.com>, qemu-devel <qemu-devel@nongnu.org>, Luiz Capitulino <lcapitulino@redhat.com>, Chris Lalancette <clalance@redhat.com>, Jiri Denemark <jdenemar@redhat.com>

On 04/26/2010 05:19 PM, Anthony Liguori wrote:
> On 04/26/2010 09:01 AM, Avi Kivity wrote:
>> On 04/26/2010 04:43 PM, Anthony Liguori wrote:
>>> The reason I lean toward the direct launch model is that it gives 
>>> the user a lot of flexibility in terms of using things like 
>>> namespaces, DAC, cgroups, capabilities, etc.  A lot of potential 
>>> features are lost when you do indirect launch because you have to 
>>> teach the daemon how to support each of these features.
>>
>> But what's the alternative?  Teach the user how to do all these things?
>
> You can expose layers of API.  The lowest layer makes no changes to 
> the security context.  A higher (optional) layer could do dynamic 
> labelling.

Or a library that the user-written launcher calls.  Or a plugin that 
qemud calls.

>> It's infinitely flexible, but it's not an API you can give to a 
>> management tool developer.
>
> I think the goal of a management API should be to make common things 
> very simple to do but not preclude doing even the most advanced things.

Agreed.

-- 
error compiling committee.c: too many arguments to function