[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 2/4] configure: Make ACL mandatory when building the QEMU driver



On Tue, 2017-02-14 at 16:20 +0000, Daniel P. Berrange wrote:
> > On the other hand, we really only care about having the ACL
> > APIs when we are isolating QEMU, which only happens of Linux
> > due to the namespaces requirement... So maybe we could have
> > it as a strict requirement on Linux only, and as an optional
> > dependency on other platforms?
> 
> IMHO it'd be better to just disable the namespace code at build
> time if we don't have libacl rather than adding mandatory build
> deps.

I'm afraid that might lead to people forgetting to install
libacl-devel[1] on Linux and ending up with less security
than expected / desired as a result.

Moreover, we're talking about a package which is literally
35k in size: I would be way more inclined to pay the price
in increased code complexity if we were not dealing with
what will basically end up as a rounding error on any
reasonable hypervisor host.

Not to mention systemd depends on it, so it will be part of
the core package set on most modern Linux distributions.


[1] I know I did while trying to figure this bug out ;)
-- 
Andrea Bolognani / Red Hat / Virtualization


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]