[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [Qemu-devel] Re: Supporting hypervisor specific APIs in libvirt



On 03/24/2010 07:27 AM, Avi Kivity wrote:
On 03/24/2010 02:19 PM, Anthony Liguori wrote:
qemud
  - daemonaizes itself
  - listens on /var/lib/qemud/guests for incoming guest connections
  - listens on /var/lib/qemud/clients for incoming client connections
  - filters access according to uid (SCM_CREDENTIALS)
  - can pass a new monitor to client (SCM_RIGHTS)
  - supports 'list' command to query running guests
  - async messages on guest startup/exit


Then guests run with the wrong security context.

Why? They run with the security context of whoever launched them (could be libvirtd).

Because it doesn't have the same security context as qemud and since clients have to connect to qemud, qemud has to implement access control.

It's far better to have the qemu instance advertise itself such that and client connects directly to it. Then all of the various authorization models will be applied correctly to it.

Regards,

Anthony Liguori


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]