[libvirt-users] libvirtd via unix socket using system uri

Peter Crowther peter.crowther at melandra.com
Tue Apr 30 15:53:44 UTC 2019


On Tue, 30 Apr 2019 at 16:43, Michal Privoznik <mprivozn at redhat.com> wrote:

> Long story short, why bother with /system if you can't use it and not
> use /session instead?

Because according to the FAQ, /session isn't suitable for my use:

   - You will definitely want to use qemu:///system if your VMs are acting
   as servers. VM autostart on host boot only works for 'system' [Yes, my VMs
   are acting as servers]
   - the root libvirtd instance has necessary permissions to use proper
   networkings via bridges or virtual networks. [Yes, I use OVS, with quite a
   complex bridge+VLAN system configured at boot]
   - qemu:///session has a serious drawback: [...] the only out of the box
   network option is qemu's usermode networking, which has nonobvious
   limitations, so its usage is discouraged.

(Source: https://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F.2F.2Fsystem_and_qemu:.2F.2F.2Fsession.3F_Which_one_should_I_use.3F)

So I have to use /system, according to the FAQ.  But it'd be nice to nail
the daemon down to reduce the attack surface.

- Peter