Re: [libvirt] [Qemu-devel] Re: Libvirt debug API

On 04/26/2010 09:25 AM, Avi Kivity wrote:
> On 04/26/2010 05:19 PM, Anthony Liguori wrote:
>> On 04/26/2010 09:01 AM, Avi Kivity wrote:
>>> On 04/26/2010 04:43 PM, Anthony Liguori wrote:
>>>> The reason I lean toward the direct launch model is that it gives the user a lot of flexibility in terms of using things like namespaces, DAC, cgroups, capabilities, etc. A lot of potential features are lost when you do indirect launch because you have to teach the daemon how to support each of these features.
>>>
>>> But what's the alternative?  Teach the user how to do all these things?
>>
>> You can expose layers of API. The lowest layer makes no changes to the security context. A higher (optional) layer could do dynamic labelling.
>
> Or a library that the user-written launcher calls. Or a plugin that qemud calls.

A plugin would lose the security context. It could attempt to recreate it, but that seems like a lot of unnecessary complexity.

Regards,

Anthony Liguori

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
