[libvirt] [Qemu-devel] Re: Supporting hypervisor specific APIs in libvirt

Avi Kivity avi at redhat.com
Wed Mar 24 12:32:34 UTC 2010

On 03/24/2010 02:30 PM, Anthony Liguori wrote:
> On 03/24/2010 07:27 AM, Avi Kivity wrote:
>> On 03/24/2010 02:19 PM, Anthony Liguori wrote:
>>>> qemud
>>>>   - daemonaizes itself
>>>>   - listens on /var/lib/qemud/guests for incoming guest connections
>>>>   - listens on /var/lib/qemud/clients for incoming client connections
>>>>   - filters access according to uid (SCM_CREDENTIALS)
>>>>   - can pass a new monitor to client (SCM_RIGHTS)
>>>>   - supports 'list' command to query running guests
>>>>   - async messages on guest startup/exit
>>> Then guests run with the wrong security context.
>> Why?  They run with the security context of whoever launched them 
>> (could be libvirtd).
> Because it doesn't have the same security context as qemud and since 
> clients have to connect to qemud, qemud has to implement access control.


> It's far better to have the qemu instance advertise itself such that 
> and client connects directly to it.  Then all of the various 
> authorization models will be applied correctly to it.

Agreed.  qemud->exit().

error compiling committee.c: too many arguments to function

More information about the libvir-list mailing list