[libvirt] [Qemu-devel] Re: Libvirt debug API

Anthony Liguori anthony at codemonkey.ws
Mon Apr 26 14:48:37 UTC 2010

On 04/26/2010 09:38 AM, Avi Kivity wrote:
> On 04/26/2010 05:28 PM, Anthony Liguori wrote:
>>> Or a library that the user-written launcher calls.  Or a plugin that 
>>> qemud calls.
>> A plugin would lose the security context.  It could attempt to 
>> recreate it, but that seems like a lot of unnecessary complexity.
> A plugin would create the security context instead of the launcher.
> Currently security contexts are created by the login process.

It's not always that centralized.  An initial context is created by the 
login process, but then later something may come along and create a 
network namespace as part of containerization.

>   We could easily reuse that.  Any other security context code would 
> be custom written; so it can be written as a qemud plugin instead of a 
> bit of code that goes before a qemu launch.

I think we're mostly in agreement with respect to the need to have more 
control over the security context that qemu runs in.  Whether it's 
launched via a daemon or directly I think is an implementation detail 
that we can debate when we get closer to an actual implementation.


Anthony Liguori
