Re: [libvirt PATCH 0/4] remote: switch to modular daemons by default

On 6/15/21 2:42 AM, Daniel P. Berrangé wrote:
> On Mon, Jun 14, 2021 at 05:22:22PM -0600, Jim Fehlig wrote:
>> On 6/10/21 7:43 AM, Daniel P. Berrangé wrote:
>>> This series first improves driver probing when using modular daemons.
>>>
>>> Currently when URI is NULL, we connect to virtproxyd and it looks
>>> at which UNIX sockets exist and what binaries exist, to decide which
>>> modular hypervisor daemon to connect to.
>>>
>>> This means the common case results in all traffic going via virtproxyd.
>>> Moving the logic out of virtproxyd into the remote client means we can
>>> avoid using virtproxyd by default.
>>>
>>> With this, we can now switch to the modular daemons by default. The
>>> latter change primarily impacts how autostart works
>>>
>>> When running as root we simply connect to whatever UNIX socket exists
>>> and rely on systemd to autostart if needed. Whether the UNIX sockets
>>> are for the modular daemon or libvirt doesn't matter - we'll look for
>>> both. Defaults are dependent on the distros' systemd presets. I intend
>>> to get Fedora / RHEL-9 presets changed to use the modular daemons.
>>
>> I'll need to do the same for the SUSE presets, along with adjusting zypper
>> patterns that include libvirtd, and other downstream tweaks. Additional
>> testing may uncover other issues I haven't considered. I don't _think_
>> apparmor will prevent things from working since there are no profiles for
>> the modular daemons. But yes, I'll need to work on some profiles :-).
>
> FWIW, with SELinux we have just copied the existing libvirtd profile
> to the modular daemons. That is not optimal of course, but it is at
> least no worse than current system. Over time we can refine the profile
> to be more strict.

I started with the approach of copying the libvirtd profile to virt{lxc,qemu,xen}d and removing the obvious stuff from each

https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html

The xen one in particular can be further reduced. I'm working on that and addressing other comments for V2.

> Also note if you're not ready to switch SUSE, you can just pass the
> -Dremote_default_mode=legacy option to meson, which will retain
> current behaviour when autostarting.

Nod. I'll make the change after gaining more confidence at the packaging level, e.g. upgrades, etc.

BTW, I've been testing the apparmor work on top of this series and haven't noticed any problems beyond the s/libxl/xen/ issue you already fixed. I didn't review the changes thoroughly but can certainly give a

Tested-by: Jim Fehlig <jfehlig@xxxxxxxx>

Regards,
Jim