[libvirt] [PATCH 2/3] New 'permissive' attribute for hostdev
Daniel P. Berrange
berrange at redhat.com
Tue Dec 22 10:04:16 UTC 2009
On Tue, Dec 22, 2009 at 10:51:15AM +0100, Daniel Veillard wrote:
> On Mon, Dec 21, 2009 at 07:09:08PM +0000, Daniel P. Berrange wrote:
> > On Mon, Dec 21, 2009 at 02:27:18PM +0100, Jiri Denemark wrote:
> > > When it is set to 'yes', some check whether a device is safe to be
> > > assigned to a guest will be weakened.
> >
> > I think this is a rather ill-defined concept to be adding the guest XML,
> > since there are many checks done for assignment, and this is only impacting
> > one of them. Whether to allow a device beind a non-ACS enable switch to be
> > used in a VM has implications beyond just the one VM it is assigned to. Thus
> > is strikes me that the decision as to whether to allow use of devices behind
> > non-ACS switches should be a host level attribute. eg a config item in the
> > /etc/qemu/qemu.conf file
>
> Agreed, it's a Host PCI implementation issue, and this should be
> delt with in a host wide manner I think, a daemon setting, with the
> defaulting being on the safe side sounds the best to me.
I'm having second thoughts about even a host daemon setting. I really
think we ought to be doing full checking ourselves, even with whitelists
if needed.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list