[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH V9 3/3] Add support for file descriptor sets



On 03/11/2013 05:36 PM, Eric Blake wrote:
On 03/07/2013 11:14 AM, Stefan Berger wrote:

    <serial type='dev'>
       <source path='/dev/ttyS0'/>
       <target port='0'/>
     </serial>
     <serial type='pipe'>
       <source path='/tmp/testpipe'/>
       <target port='1'/>
     </serial>
And here, these files support SELinux labeling, so maybe fd passing is
overkill, other than proof of concept that we are doing fd passing
correctly.  So, I'm debating on how much of this patch needs to be
applied, or whether we should split it into smaller chunks to ease
backporting of some portions to older libvirt without dragging in
everything.

I misinterpreted your fd-passing related comments on TPM support for QEMU and thought that this is where you wanted to move in general also thinking that seccomp support for eliminating open() must be one goal. Actually, while I wrote this patch I also had a part that passed the monitor via fd to QEMU, but obviously there is no support for this. This could possibly eliminate the socket() call from QEMU. Knocking out open and socket syscalls would then become dependent on which devices are used by QEMU ( I suppose some devices still require open to be called in the path somewhere ), thus making this configuration-dependent and likely difficult to test. I guess the use-case where no SELinux support is available is weak or non-existent so that seccomp would need to be used.

  Stefan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]