On 01/02/2013 09:55 PM, Richard W.M. Jones wrote:
> On Wed, Jan 02, 2013 at 03:36:54PM +0000, Daniel P. Berrange wrote:
>> This is something I was thinking about a little over the Christmas
>> break. I've no intention of implementing this in the immediate
>> future, but wanted to post it while it was fresh in my mind.
>>
>> Historically we have had 2 ways of using the stateful drivers like
>> QEMU/LXC/UML/etc.
>>
>> - "system mode" - privileged libvirtd, one per host, started at boot
>> - "session mode" - unprivileged libvirtd, one per non-root user, autostarted
>>
>> This leads me to wonder whether it is worth exploring the idea of a new
>> type of libvirt connection.
>>
>> - "embed mode" - no libvirtd, driver runs in application context
>
> Seems like an excellent idea.

Seconded. But I also have to wonder if Dan's work-in-progress on
fine-grain ACLs could also be used for the case of isolating domains
under the control of libguestfs so that virt-manager/oVirt/what-not
can't control the libguestfs domains, even though all the domains are
managed by the same libvirtd. In other words, you may be able to
achieve embedded semantics by means of ACLs.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list