[libvirt] [Qemu-devel] Re: Supporting hypervisor specific APIs in libvirt

Anthony Liguori anthony at codemonkey.ws
Wed Mar 24 12:23:01 UTC 2010

On 03/24/2010 05:42 AM, Avi Kivity wrote:
>> The filtering access part of this daemon is also not mapping well onto
>> libvirt's access model, because we don't soley filter based on UID in
>> libvirtd. We have it configurable based on UID, policykit, SASL, 
>> TLS/x509
>> already, and intend adding role based access control to further filter
>> things, integrating with the existing apparmour/selinux security models.
>> A qemud that filters based on UID only, gives users a side-channel to 
>> get
>> around libvirt's access control.
> That's true.  Any time you write a multiplexer these issues crop up.  
> Much better to stay in single process land where everything is already 
> taken care of.

What does a multiplexer give you that making individual qemu instances 
discoverable doesn't give you?  The later doesn't suffer from these 


Anthony Liguori

> So, at best qemud is a toy for people who are annoyed by libvirt.

More information about the libvir-list mailing list