[libvirt] [Qemu-devel] Re: Libvirt debug API

Anthony Liguori anthony at codemonkey.ws
Mon Apr 26 14:19:53 UTC 2010


On 04/26/2010 09:01 AM, Avi Kivity wrote:
> On 04/26/2010 04:43 PM, Anthony Liguori wrote:
>> The reason I lean toward the direct launch model is that it gives the 
>> user a lot of flexibility in terms of using things like namespaces, 
>> DAC, cgroups, capabilities, etc.  A lot of potential features are 
>> lost when you do indirect launch because you have to teach the daemon 
>> how to support each of these features.
>
> But what's the alternative?  Teach the user how to do all these things?

You can expose layers of API.  The lowest layer makes no changes to the 
security context.  A higher (optional) layer could do dynamic labelling.

> It's infinitely flexible, but it's not an API you can give to a 
> management tool developer.

I think the goal of a management API should be to make common things 
very simple to do but not preclude doing even the most advanced things.

Regards,

Anthony Liguori




More information about the libvir-list mailing list