<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
b) VM even if qemu runs as root is still more secure than running
software in your own session. More things need to be broken to get
to the host with virtualisation in place.<br>
<br>
c) virt-manager can do almost all whats needed. Might need to edit
xmls by hand to switch it to uefi though. Or to add few flags not
supported by virt-manager, but as far as device assignment goes
virt-manager does handle it.<br>
<br>
<div class="moz-cite-prefix">On 2016.02.26 23:09, Muted Bytes wrote:<br>
</div>
<blockquote
cite="mid:CAC4Xv-pqnaoX-at_rV0FJV4jCXtP-e6O6_CuzvJvXk-T5k55mQ@mail.gmail.com"
type="cite">
<p dir="ltr">From my experience:</p>
<p dir="ltr">I would consider usage stable for an average user,
but I'm not sure about set-up for a non-technical user.</p>
<p dir="ltr">a) In my specific case, I am forced to use Windows
because a lot of simulation and computational tools are only
available on that platform, but I chose to operate in a VM
rather than baremetal. As a result, I have both memory and cpu
intensive simulations running in the guest for days at a time,
and idle for weeks/months (shutdown only for host maintenance
etc). Have never had guest or host crash or freeze (even through
guest restarts).</p>
<p dir="ltr">b) I cannot provide comment, I am also running qemu
as root. I intend to look at how to move away from root
execution of qemu but haven't yet (virtsh makes this
easier/possible from what I've read but haven't looked in
detail).</p>
<p dir="ltr">c) I am also still using qemu from command-line so
cannot comment, but I have been watching progression of virtsh
and virt-manager. I think it already is at/getting to that
point.</p>
<p dir="ltr">d) I am using synergy to switch between screens/share
kb and mouse with guest. In my case, if the mouse is left on
guest side, the guest can lock but synergy prevents the host
from locking. The mouse needs to be on host side for me. Also,
my guest and host lock independently, so I'm not sure if there
is a way to synchronize this.<br>
Copy/paste generally works well with text in both directions,
however there seem to be some issues with more recent versions
of synergy upstream that makes the server portion to hang/crash
that seems to be related to the copy buffer (though I'm not 100%
sure this is the cause). I haven't encountered this in a while,
so it has been intermittent in my case. One good thing about
synergy is that you can set it up so that scroll lock key will
lock the mouse/kb to one side (guest or host) if you plan to
work or game in that environment for a long session, and don't
want the mouse to accidentally switch context on the screen
edge/boundary. This also makes fullscreen and FPS games playable
in the guest without the mouse going nuts from losing relative
position information.</p>
<div class="gmail_quote">On Feb 25, 2016 22:59, "Daniel Pocock"
<<a moz-do-not-send="true" href="mailto:daniel@pocock.pro">daniel@pocock.pro</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Is a passthrough VGA configuration currently considered stable
and<br>
secure for widespread use, for example, where non-technical
users can<br>
work productively with applications running this way in an
office<br>
environment?<br>
<br>
Some specific things come to mind:<br>
<br>
a) crashes: I've seen crashes mentioned in a few discussions,
but are<br>
there many people running it for days and weeks at a time
without<br>
crashes? Are such issues specific to particular hardware and
can they<br>
be avoided by using hardware that is preferred/more heavily
tested by<br>
the developers?<br>
<br>
b) security: in my testing so far, I just run the qemu command
as root.<br>
To what extent can the use of root privileges be avoided? I
realize a<br>
VM is never 100% secure compared to a normal user session.<br>
<br>
c) control: some of the blogs and wikis mention that tools
like<br>
virt-manager and virt-install don't fully cope with
passthrough VGA<br>
configuration, is that still up to date? Can the user start
and manage<br>
the VM using some GUI from their X desktop on their host
display?<br>
<br>
d) interaction between VM and host desktop: when the user
locks the host<br>
display (screensaver), can this also lock the VM's passthrough
display,<br>
or the user will always need to lock both? How well does
something like<br>
Synergy work across the displays, especially for things like
cut-and-paste?<br>
<br>
_______________________________________________<br>
vfio-users mailing list<br>
<a moz-do-not-send="true" href="mailto:vfio-users@redhat.com">vfio-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/vfio-users"
rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/vfio-users</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
vfio-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:vfio-users@redhat.com">vfio-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/vfio-users">https://www.redhat.com/mailman/listinfo/vfio-users</a>
</pre>
</blockquote>
<br>
</body>
</html>