[libvirt] [Qemu-devel] Re: Supporting hypervisor specific APIs in libvirt

Anthony Liguori anthony at codemonkey.ws
Wed Mar 24 12:30:47 UTC 2010

On 03/24/2010 07:27 AM, Avi Kivity wrote:
> On 03/24/2010 02:19 PM, Anthony Liguori wrote:
>>> qemud
>>>   - daemonaizes itself
>>>   - listens on /var/lib/qemud/guests for incoming guest connections
>>>   - listens on /var/lib/qemud/clients for incoming client connections
>>>   - filters access according to uid (SCM_CREDENTIALS)
>>>   - can pass a new monitor to client (SCM_RIGHTS)
>>>   - supports 'list' command to query running guests
>>>   - async messages on guest startup/exit
>> Then guests run with the wrong security context.
> Why?  They run with the security context of whoever launched them 
> (could be libvirtd).

Because it doesn't have the same security context as qemud and since 
clients have to connect to qemud, qemud has to implement access control.

It's far better to have the qemu instance advertise itself such that and 
client connects directly to it.  Then all of the various authorization 
models will be applied correctly to it.


Anthony Liguori

More information about the libvir-list mailing list