On Mon, Jul 02, 2012 at 04:31:09PM -0600, Eric Blake wrote:
> On 07/02/2012 04:02 PM, Corey Bryant wrote:
>
> > Here's another option that Kevin and I discussed today on IRC. I've
> > modified a few minor details since the discussion. And Kevin please
> > correct me if anything is wrong.
> >
> > Proposal Four: Pass a set of fds via 'pass-fds'. The group of fds
> > should all refer to the same file, but may have different access flags
> > (ie. O_RDWR, O_RDONLY). qemu_open can then dup the fd that has the
> > matching access mode flags.
>
> But this means that libvirt has to open a file O_RDWR up front for any
> file that it _might_ need qemu to reopen later, and that qemu is now
> hanging on to 2 fds per fdset instead of 1 fd for the life of any client
> of the fdset.
>
> I see no reason why libvirt can't pass in an O_RDWR fd when qemu only
> needs to use an O_RDONLY fd;

If libvirt has only granted read-only access to the file with sVirt,
then passing a O_RDWR file handle to QEMU will result in an SELinux
denial, even if QEMU doesn't try to do I/O on it. So this is out of
the question.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
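
The selection step from Proposal Four, sketched as an added example (it is not code from QEMU, libvirt, or anyone in this thread): given a set of fds for one file, dup only the member whose access mode exactly matches the request, and never fall back to a more privileged fd. The names `access_mode`, `fdset_dup_matching` and `demo`, and the temp file path, are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Access mode (O_RDONLY / O_WRONLY / O_RDWR) an open fd was created with. */
int access_mode(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    return fl == -1 ? -1 : (fl & O_ACCMODE);
}

/* Hypothetical helper: dup the set member whose access mode equals the
 * requested one. No fallback to a more privileged fd: handing out O_RDWR
 * for an O_RDONLY request is what the thread rules out. */
int fdset_dup_matching(const int *fds, int nfds, int open_flags)
{
    for (int i = 0; i < nfds; i++)
        if (access_mode(fds[i]) == (open_flags & O_ACCMODE))
            return dup(fds[i]);
    return -1; /* caller must fail the open, not widen access */
}

/* Constructed demo: one temp file, two fds, O_RDWR listed first. */
int demo(void)
{
    char path[] = "/tmp/fdset-demo-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    int set[2] = { open(path, O_RDWR), open(path, O_RDONLY) };
    int ro = fdset_dup_matching(set, 2, O_RDONLY);
    int rw = fdset_dup_matching(set, 2, O_RDWR | O_CREAT);
    int wo = fdset_dup_matching(set, 2, O_WRONLY); /* not in the set */
    int ok = access_mode(ro) == O_RDONLY && access_mode(rw) == O_RDWR
             && wo == -1 && write(ro, "x", 1) == -1;
    close(ro); close(rw); close(set[0]); close(set[1]); close(tmp);
    unlink(path);
    return ok ? 0 : 1;
}

int main(void)
{
    int rc = demo();
    printf("fdset selection %s\n", rc == 0 ? "ok" : "FAILED");
    return rc;
}
```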