On Fri, Nov 24, 2017 at 03:38:54PM +0100, Michal Privoznik wrote:
> On 08/22/2017 06:27 PM, Paolo Bonzini wrote:
> > Hi all,
> >
>
> Sorry for resurrecting old thread but seems like there was no agreement
> reached.
>
> We don't want to expose any paths because the fact that PR helper is a
> separate binary that uses a UNIX socket to talk to qemu is an
> implementation detail of qemu. Other HVs may have it differently.
>
> However, we want to be able to turn it on/off or not mention it at all
> on per-disk basis. So what has been suggested so far is:
>
>   <disk type='block' device='disk'>
>     <source dev='/dev/sda'/>
>     <target dev='sda' bus='scsi'/>
>     <reservations enable='yes'/>
>   </disk>
>
> for privileged qemu, then:
>
>   <disk type='block' device='disk'>
>     <source dev='/dev/sda'/>
>     <target dev='sda' bus='scsi'/>
>     <reservations enable='yes'>
>       <source type='unix' path='/path/to/a/socket' mode='server'/>
>     </reservations>
>   </disk>
>
> for unprivileged qemu, or:
>
>   <disk type='block' device='disk'>
>     <source dev='/dev/sda'/>
>     <target dev='sda' bus='scsi'/>
>     <reservations enable='no'/>
>   </disk>
>
> for PR feature turned off (equivalent to leaving it out completely).
>
> Now, my question is, in the first case - how should libvirt choose the
> path? Should it be different for each disk/domain? How is the daemon
> started in the first place - should libvirt start it? And when should
> libvirt kill it?

The core question is one daemon per QEMU, or one daemon per host.

I'd be more inclined to have one daemon per QEMU so we always have isolation
and thus don't have to worry about a shared daemon being a potential attack
point between distinct QEMUs.

If one daemon per host, then for privileged libvirtd, we should make sure
the daemon ships with a systemd unit file + socket activation file, then
we have a well-known cross-distro standardized socket path.

If one daemon per QEMU, then we should just put the socket in the VM's
private dir under /var/run/libvirt/qemu/$GUEST/.

Regards,
Daniel
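
An added sketch (not from the thread, and not libvirt or QEMU code) of the one-daemon-per-QEMU layout described in the reply above: each guest gets its own socket inside a private 0700 directory, and an audit function reports when that isolation is broken. The socket file name, the function names and the temporary run directory standing in for /var/run/libvirt/qemu/ are assumptions.

```python
import os
import socket
import stat

SOCKET_NAME = "pr-helper.sock"  # assumed file name, not taken from the thread

def guest_socket_path(run_dir, guest):
    """Socket path in the guest's own directory; reject names that escape run_dir."""
    if not guest or guest in (".", "..") or "/" in guest or "\0" in guest:
        raise ValueError(f"unsafe guest name: {guest!r}")
    return os.path.join(run_dir, guest, SOCKET_NAME)

def bind_guest_socket(run_dir, guest):
    """Create the guest's private directory and bind a listening UNIX socket in it."""
    path = guest_socket_path(run_dir, guest)
    guest_dir = os.path.dirname(path)
    os.makedirs(guest_dir, mode=0o700, exist_ok=True)
    os.chmod(guest_dir, 0o700)  # makedirs honours umask and skips existing dirs
    if os.path.lexists(path):
        os.unlink(path)  # stale socket left by a previous helper
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv, path

def audit_guest_socket(path, uid):
    """Return the isolation problems found for one guest socket (empty list = OK)."""
    problems = []
    parent = os.lstat(os.path.dirname(path))  # lstat: a symlinked dir is a finding
    if not stat.S_ISDIR(parent.st_mode):
        problems.append("parent is not a real directory")
    if parent.st_uid != uid:
        problems.append("parent dir owned by another uid")
    if parent.st_mode & 0o077:
        problems.append("parent dir accessible to group/other")
    if not stat.S_ISSOCK(os.lstat(path).st_mode):
        problems.append("not a socket")
    return problems

if __name__ == "__main__":
    import tempfile
    run_dir = tempfile.mkdtemp()  # stand-in for /var/run/libvirt/qemu/
    for guest in ("guest-a", "guest-b"):  # constructed guest names
        srv, path = bind_guest_socket(run_dir, guest)
        print(path, audit_guest_socket(path, os.getuid()) or "OK")
        srv.close()
```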