[libvirt] [PATCH v2 0/8] Speed up waiting for the session daemon

Martin Kletzander mkletzan at redhat.com
Wed Jul 23 08:49:33 UTC 2014 

On Tue, Jul 22, 2014 at 05:11:23PM +0200, Martin Kletzander wrote:
>On Tue, Jul 22, 2014 at 01:36:56PM +0100, Daniel P. Berrange wrote:
>>On Wed, Jul 16, 2014 at 08:29:54PM +0200, Martin Kletzander wrote:
>>> This is complete rework of:
>>>
>>> http://www.redhat.com/archives/libvir-list/2013-April/msg01351.html
>>>
>>> where Daniel suggested we use systemd-like passing of socket fd in
>>> combination with the LISTEN_FDS environment variable:
>>>
>>> http://www.redhat.com/archives/libvir-list/2013-April/msg01356.html
>>>
>>> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=927369
>>
>>Obviously that bug is focused on starting of the session daemon,
>>but the code we're adding here should work with systemd. Have you
>>tested that this actually allows for systemd activation of the
>>privileged libvirtd. If we're adding this FD passing, I think we
>>really ought to make sure we support this, so we don't have to
>>revisit it later. Should add a libvirtd.socket unit file too
>>so we have systemd activation by default for libvirtd.
>>
>
>Obviously I haven't.  I just wanted to get rid of that silly, silly
>bug.
>

And now I tried and ... it Just Works(TM).  I'll add a configuration
comment and libvirtd.socket.in file in the patch and send a v3.  Let
me know what do you think of those permission settings there.

>>NB, we stil need to enable the daemon by default anyway since
>>libvirtd needs todo autostart of VMs, but having the socket
>>activation too avoids some race conditions with startup.
>>
>
>Yes, that's one of the reasons why I think it will create more
>confusion than races it will resolve.
>
>I'll _try_ to work this in, but how would you suggest to set up the
>initial permissions?  Anything the user will change in libvirtd.conf
>he will also have to change in the libvirt.socket file, because
>someone might use the filesystem-level permission checking for
>isolating some users (or anything else) because we don't want to break
>that.
>
>>
>>Regards,
>>Daniel
>>--
>>|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
>>|: http://libvirt.org              -o-             http://virt-manager.org :|
>>|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
>>|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140723/57aeef43/attachment-0001.sig>

More information about the libvir-list mailing list