[libvirt] libguestfs integration: rich disk access for libvirt applications
Stefan Hajnoczi
stefanha at gmail.com
Wed Sep 28 16:35:46 UTC 2011
On Wed, Sep 28, 2011 at 1:19 PM, Richard W.M. Jones <rjones at redhat.com> wrote:
> On Wed, Sep 28, 2011 at 11:14:57AM +0100, Stefan Hajnoczi wrote:
>> Does febootstrap-supermin-helper need to be dynamic or could
>> libguestfs create a /var/lib/guestfs/appliance-initramfs.gz on
>> install? Then libguestfs on the client can create the appliance
>> domain and point at that static initramfs file path.
>
> This is how the Debian package of libguestfs works (Hilko's official
> package, not my one).
>
> However this is troublesome because it means any security problem in a
> dependent program is baked into the appliance. Applying a security
> update to the host wouldn't update this libguestfs appliance. Compare
> this to the way febootstrap-supermin-helper normally works (eg
> upstream, Fedora and RHEL): the appliance is rebuilt whenever any
> change is noticed in a dependent program.

That sounds like a limitation in the packaging system.

If 'watch' hooks can be registered by the libguestfs package on its
dependencies, then it can rebuild itself every time a dependency
changes. Or the low-tech way is for the libguestfs package maintainer
to create a new package each time its dependencies have updated -
Debian has a volatile repo for packages that change a lot.

At the end of the day we have this problem because the libguestfs
appliance is a distro built from the underlying distro itself :)!

Stefan