On Tue, 2017-02-14 at 16:20 +0000, Daniel P. Berrange wrote: > > On the other hand, we really only care about having the ACL > > APIs when we are isolating QEMU, which only happens of Linux > > due to the namespaces requirement... So maybe we could have > > it as a strict requirement on Linux only, and as an optional > > dependency on other platforms? > > IMHO it'd be better to just disable the namespace code at build > time if we don't have libacl rather than adding mandatory build > deps. I'm afraid that might lead to people forgetting to install libacl-devel[1] on Linux and ending up with less security than expected / desired as a result. Moreover, we're talking about a package which is literally 35k in size: I would be way more inclined to pay the price in increased code complexity if we were not dealing with what will basically end up as a rounding error on any reasonable hypervisor host. Not to mention systemd depends on it, so it will be part of the core package set on most modern Linux distributions. [1] I know I did while trying to figure this bug out ;) -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
