Re: [PATCH 2/4] configure: Make ACL mandatory when building the QEMU driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2017-02-14 at 16:20 +0000, Daniel P. Berrange wrote:
> > On the other hand, we really only care about having the ACL
> > APIs when we are isolating QEMU, which only happens of Linux
> > due to the namespaces requirement... So maybe we could have
> > it as a strict requirement on Linux only, and as an optional
> > dependency on other platforms?
> 
> IMHO it'd be better to just disable the namespace code at build
> time if we don't have libacl rather than adding mandatory build
> deps.

I'm afraid that might lead to people forgetting to install
libacl-devel[1] on Linux and ending up with less security
than expected / desired as a result.

Moreover, we're talking about a package which is literally
35k in size: I would be way more inclined to pay the price
in increased code complexity if we were not dealing with
what will basically end up as a rounding error on any
reasonable hypervisor host.

Not to mention systemd depends on it, so it will be part of
the core package set on most modern Linux distributions.


[1] I know I did while trying to figure this bug out ;)
-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux