
Re: [libvirt] libguestfs integration: rich disk access for libvirt applications



On Wed, Sep 28, 2011 at 05:35:46PM +0100, Stefan Hajnoczi wrote:
> On Wed, Sep 28, 2011 at 1:19 PM, Richard W.M. Jones <rjones redhat com> wrote:
> > On Wed, Sep 28, 2011 at 11:14:57AM +0100, Stefan Hajnoczi wrote:
> >> Does febootstrap-supermin-helper need to be dynamic or could
> >> libguestfs create a /var/lib/guestfs/appliance-initramfs.gz on
> >> install?  Then libguestfs on the client can create the appliance
> >> domain and point at that static initramfs file path.
> >
> > This is how the Debian package of libguestfs works (Hilko's official
> > package, not my one).
> >
> > However this is troublesome because it means any security problem in a
> > dependent program is baked into the appliance.  Applying a security
> > update to the host wouldn't update this libguestfs appliance.  Compare
> > this to the way febootstrap-supermin-helper normally works (eg
> > upstream, Fedora and RHEL): the appliance is rebuilt whenever any
> > change is noticed in a dependent program.
> 
> That sounds like a limitation in the packaging system.
> 
> If 'watch' hooks can be registered by the libguestfs package on its
> dependencies, then it can rebuild itself every time a dependency
> changes.  Or the low-tech way is for the libguestfs package maintainer
> to create a new package each time its dependencies have updated -
> Debian has a volatile repo for packages that change a lot.
> 
> At the end of the day we have this problem because the libguestfs
> appliance is a distro built from the underlying distro itself :)!

RPM & dpkg both have trigger mechanisms.  The Debian package doesn't
appear to use it for whatever reason.  In the RPM we just don't use
triggers because the checksum method we're using is more convenient
and produces about the same result.

We could change this but I want to look at other alternatives as well.
In particular, using 9pfs might mean there's no need to explicitly
build a root appliance at all (but it needs some qemu changes).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
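
The rebuild-on-change behaviour discussed in this message, as an added example that is not part of the original post and is not libguestfs or febootstrap code: a cached appliance is reused only while a checksum over its host dependencies is unchanged, so a host security update forces a rebuild. The function names, the `checksum` stamp file and the choice of stat fields are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(dep_paths):
    """Hash path, size, mtime and mode of every host file that goes into the appliance."""
    h = hashlib.sha256()
    for path in sorted(dep_paths):
        st = os.stat(path)
        h.update(f"{path}\0{st.st_size}\0{st.st_mtime_ns}\0{st.st_mode}\n".encode())
    return h.hexdigest()

def is_stale(cache_dir, dep_paths):
    """True when no appliance is cached or a dependency changed since the last build."""
    stamp = os.path.join(cache_dir, "checksum")
    try:
        with open(stamp) as f:
            return f.read().strip() != fingerprint(dep_paths)
    except FileNotFoundError:
        return True

def ensure_appliance(cache_dir, dep_paths, build):
    """Call build(cache_dir, dep_paths) only when stale; return True if rebuilt."""
    if not is_stale(cache_dir, dep_paths):
        return False
    # Fingerprint before building: a file changed mid-build triggers another rebuild.
    current = fingerprint(dep_paths)
    build(cache_dir, dep_paths)
    # Write the stamp last and atomically, so an interrupted build is retried.
    tmp = os.path.join(cache_dir, "checksum.tmp")
    with open(tmp, "w") as f:
        f.write(current)
    os.replace(tmp, os.path.join(cache_dir, "checksum"))
    return True

def demo():
    """Constructed scenario: a host security update replaces one dependency."""
    with tempfile.TemporaryDirectory() as root:
        cache = tempfile.mkdtemp(dir=root)
        dep = os.path.join(root, "libexample.so")  # stand-in for a host library
        with open(dep, "w") as f:
            f.write("vulnerable build")
        builds = []
        build = lambda c, d: builds.append(fingerprint(d))  # placeholder builder
        first = ensure_appliance(cache, [dep], build)    # no cache yet: build
        second = ensure_appliance(cache, [dep], build)   # unchanged: reuse
        with open(dep, "w") as f:
            f.write("patched build, different size")
        third = ensure_appliance(cache, [dep], build)    # update noticed: rebuild
        return first, second, third, len(builds)
```

A statically shipped initramfs corresponds to never calling `ensure_appliance` after install, which is why a patched host library would not reach the appliance.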

