qemu:///embed and isolation from global components
Andrea Bolognani
abologna at redhat.com
Thu Mar 12 17:57:20 UTC 2020
On Wed, 2020-03-11 at 09:53 +0000, Daniel P. Berrangé wrote:
> On Tue, Mar 10, 2020 at 07:25:46PM +0100, Andrea Bolognani wrote:
> > In your scenario, when you don't specify a scope you get the same
> > one as the primary driver is using (this matches the current
> > behavior): so if you are using qemu:///session, every <interface>
> > will use network:///session unless you explicitly specify
> > scope='system', at which point network:///system will be used; in
> > the same fashion, if you're connected to qemu:///embed, the default
> > for <interface>s should be network:///embed, with the possibility
> > to use either network:///session (with scope='session') or, most
> > likely, network:///system (with scope='system').
>
> No, I'm not talking about using the same URI for the secondary
> drivers, I'm talking about using the same *privilege* level.
> ie, qemu:///system and a qemu:///embed running as root should
> both use the privileged network/storage driver. The qemu:///session
> and qemu:///embed running as non-root should both default to
> the unprivileged network/storage drivers.
What's the advantage of conflating URI and privilege level? It seems
to me like it only makes things complicated when they could be
absolutely straightforward instead.
In fact, I believe libguestfs developers have long lamented the fact
that it's not really possible to have qemu:///session for the root
user, which is caused by the same kind of logic... It would be
preferable, I think, not to introduce even more instances of it.
> > > With such functionality present, it logically then also extends to
> > > cover connections to daemons running in different namespaces.
> >
> > I'm still unclear on how this scenario, which would apparently have
> > multiple eg. privileged virtnetworkd, running at the same time but in
> > different network namespaces, would work.
>
> There would need to be some selection method, most likely a way
> to explicitly specify the socket path, but this is a longish way
> into the future.
Got it!
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list