On Wed, Sep 28, 2011 at 06:52:13PM +0100, Richard W.M. Jones wrote:
> On Wed, Sep 28, 2011 at 06:37:17PM +0100, Daniel P. Berrange wrote:
> > On Wed, Sep 28, 2011 at 11:14:57AM +0100, Stefan Hajnoczi wrote:
> > > On Tue, Sep 27, 2011 at 12:55 PM, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
> > > > To put this all into one place:
> > > >
> > > > (1) An ugly new libvirt API that runs febootstrap-supermin-helper to
> > > > create the appliance.
> > > [...]
> > > > I'm worried about item (1) in this list ...
> > >
> > > This is the only instance where libvirt knows about libguestfs. All
> > > other steps are libguest only or involve libguestfs knowing about
> > > libvirt.
> > >
> > > Would it be possible to introduce a "domain-builder" concept into
> > > libvirt? When libguestfs is installed it drops a domain-builder
> > > configuration/script that libvirt can pick up. Then you can say
> > > something like virDomainBuild(name="guestfs-appliance",
> > > builder="guestfs").
> >
> > We do have a historical syntax from Xen paravirt which lets us call out
> > to a helper at boot time, namely the "<bootloader>" element. With Xen
> > this is typically something like pygrub, or pxegrub, which does some
> > work and writes out a kernel+initrd into temporary files, and prints
> > the file paths + any kernel args on stdout.
> >
> > We could just wire up this concept in KVM too without any real trouble,
> > and then we could have guestfs-bootloader script to do the magic setup
>
> I'm fine with this.
>
> Are there security implications to allowing users to add <bootloader>
> clauses pointing at random scripts that get run on remote machines as
> different users?

Yes, but you have to consider a connection to libvirtd to be equivalent
to a root shell at this time anyway. When we get RBAC in libvirt we'll be
able to control who can make such configurations, and/or whitelist
bootloaders in the SELinux policy so only trusted ones can be run.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
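
An added example, not part of the original message and not libvirt code: a check that flags domain XML whose <bootloader> helper falls outside an administrator-chosen allowlist, the kind of restriction the reply above anticipates. The function name audit_bootloader, the allowlist contents and both sample domain definitions are assumptions constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumption: helpers the administrator trusts. pygrub is named in the thread;
# the install path is a constructed sample value.
ALLOWED_BOOTLOADERS = frozenset({"/usr/bin/pygrub"})


def audit_bootloader(domain_xml, allowed=ALLOWED_BOOTLOADERS):
    """Return (domain name, helper path, reason) for each untrusted helper."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="<unnamed>")
    findings = []
    for el in root.iter("bootloader"):
        raw = (el.text or "").strip()
        if not raw:
            findings.append((name, raw, "empty helper path"))
        elif not posixpath.isabs(raw):
            findings.append((name, raw, "relative path"))
        # Normalise before comparing so "/usr/bin/../.." tricks do not
        # slip past a string match against the allowlist.
        elif posixpath.normpath(raw) not in allowed:
            findings.append((name, raw, "helper not in allowlist"))
    return findings


# Constructed sample definitions, not taken from the thread.
TRUSTED = """<domain type='xen'><name>pv-guest</name>
  <bootloader>/usr/bin/pygrub</bootloader>
  <bootloader_args>--quiet</bootloader_args>
</domain>"""

UNTRUSTED = """<domain type='kvm'><name>appliance</name>
  <bootloader>/usr/bin/../../home/user/guestfs-bootloader</bootloader>
</domain>"""

if __name__ == "__main__":
    for xml_text in (TRUSTED, UNTRUSTED):
        for finding in audit_bootloader(xml_text):
            print(finding)
```

The check is purely lexical: it does not resolve symlinks on the host, so the allowlisted paths themselves need to be writable only by trusted users.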