Re: Redesign of QEMU startup & initial configuration
From: Daniel P. Berrangé
Subject: Re: Redesign of QEMU startup & initial configuration
Date: Wed, 15 Dec 2021 18:50:26 +0000
User-agent: Mutt/2.1.3 (2021-09-10)
On Wed, Dec 15, 2021 at 07:46:37PM +0100, Paolo Bonzini wrote:
> On 12/13/21 19:53, Daniel P. Berrangé wrote:
> > > Adding vhost-user backends and helper processes means one of two things:
> > > either you are not going to support hotplug, or you are going to redo
> > > libvirtd with a QMP-based RPC.
> >
> > If it were possible to keep auto-spawning of helpers at the high level
> > that feels cleaner, so that the low level only has to worry about a
> > single way of doing things. If that is too hard for hotplug though,
> > so be it, leave auto-spawning in the low level.
>
> OTOH, autospawning in the low-level saves hotplugging but it kills
> sandboxing; the seccomp filter prohibits forking.
I think the kind of users we expect to leverage the high level interface
don't especially need sandboxing. They're more the people doing ad hoc
virtualization or emulation tasks, not production deployments of VMs.
If they need strong security they'd be better off using a layer like
libvirt.
> The libvirt model is the only good one once you care about separation of
> privilege. The idea of moving large parts of libvirt's domain driver into a
> new QEMU-level binary was floated around in the past by Andrea Bolognani,
> and I don't dislike it; but I don't believe anybody will have time to
> actually realize it, much less to bring it to feature parity.
Yep, let's not create masses more work for ourselves, by expanding the
scope of this new design.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|