From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=33511 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PujpX-0007rg-Kf
	for qemu-devel@nongnu.org; Wed, 02 Mar 2011 06:02:56 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Jes.Sorensen@redhat.com>) id 1PujpW-0001gL-77
	for qemu-devel@nongnu.org; Wed, 02 Mar 2011 06:02:55 -0500
Received: from mx1.redhat.com ([209.132.183.28]:54235)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Jes.Sorensen@redhat.com>) id 1PujpV-0001g9-Oj
	for qemu-devel@nongnu.org; Wed, 02 Mar 2011 06:02:54 -0500
Message-ID: <4D6E23D3.3080603@redhat.com>
Date: Wed, 02 Mar 2011 12:02:43 +0100
From: Jes Sorensen <Jes.Sorensen@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] QEMU: Discussion of separating core functionality
	vs	supportive features
References: <4D6BD085.8000001@redhat.com>	<AANLkTik-9oDv2UyRzVQQtKNumJnVT9pp_0U_5z+A9PSv@mail.gmail.com>	<4D6CE170.6060108@redhat.com>	<AANLkTin8qCDOjFQZ_heMc9fYqDBa+ErjtyzXYcRuXhgU@mail.gmail.com>	<4D6D01E2.1070908@redhat.com>
	<4D6E1B28.8090400@redhat.com> <4D6E2240.8060001@redhat.com>
In-Reply-To: <4D6E2240.8060001@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: dlaor@redhat.com
Cc: Juan Quintela <quintela@redhat.com>, QEMU Developers <qemu-devel@nongnu.org>, Michael Roth <mdroth@linux.vnet.ibm.com>, Anthony Liguori <aliguori@linux.vnet.ibm.com>, Gerd Hoffmann <kraxel@redhat.com>, Adam Litke <agl@us.ibm.com>, Amit Shah <amit.shah@redhat.com>, spice-devel@lists.freedesktop.org

On 03/02/11 11:56, Dor Laor wrote:
> On 03/02/2011 12:25 PM, Jes Sorensen wrote:
>> On 03/01/11 15:25, Dor Laor wrote:
>> Using shared memory this way should allow us to implement the video
>> clients without performance loss, in fact it should be beneficial since
>> it would allow them to run fully separate from the host daemon.
> 
> Why do you call it a daemon? Each VM instance should have only one, the
> 'host daemon' naming is misleading.

I refer to it as a daemon because it is something the client(s) will
connect to. But yes, there will be a daemon per VM.

> The proper solution long term is to sandbox qemu in a way that there
> privileged mode and non privileged mode. It might be implemented using
> separate address space or not. Most operations like vnc/rpc/spice/usb
> should be run with less privileges.
> 
> The main issue is that doing it right will take time and we'll want
> virt-agent be merged before the long term solution is ready. The best
> approach would be gradual development

Yes I agree, I don't think this will happen overnight, and blocking
virtagent with this would be bad.

Cheers,
Jes