On 03/07/2013 11:14 AM, Stefan Berger wrote: > Add support for file descriptor sets by converting some of the > command line parameters to use /dev/fdset/%d if -add-fd is found > to be supported by QEMU. For those devices libvirt now open()s > the device to obtain the file descriptor and 'transfers' the > fd using virCommand. > > For the following fragments of domain XML > > > <disk type='file' device='disk'> > <driver name='qemu' type='raw'/> > <source file='/var/lib/libvirt/images/fc14-x86_64.img'/> > <target dev='hda' bus='ide'/> > <address type='drive' controller='0' bus='0' target='0' unit='0'/> > </disk> Discussion on the qemu list has made it obvious that we want this for NFS-mounted images, but maybe not for local images or on other file systems that actually support SELinux labeling (after all, the point of fd passing is not to move DAC checking out of the kernel and into user-space libvirtd, but to make up for lack of SELinux labeling on NFS). Still, we are waiting for a qemu solution on how to do fd passing for backing files (the so-called -blockdev design), which means that for now, the best we could do with the selinux bool virt_use_nfs disabled is support only flat images (no backing file, no creation of snapshots). > > <serial type='dev'> > <source path='/dev/ttyS0'/> > <target port='0'/> > </serial> > <serial type='pipe'> > <source path='/tmp/testpipe'/> > <target port='1'/> > </serial> And here, these files support SELinux labeling, so maybe fd passing is overkill, other than proof of concept that we are doing fd passing correctly. So, I'm debating on how much of this patch needs to be applied, or whether we should split it into smaller chunks to ease backporting of some portions to older libvirt without dragging in everything. > > libvirt now creates the following parts for the QEMU command line: > > old: -drive file=/var/lib/libvirt/images/fc14-x86_64.img,if=none,id=drive-ide0-0-0,format=raw > new: -add-fd set=1,fd=23,opaque=RDONLY:/var/lib/libvirt/images/fc14-x86_64.img > -add-fd set=1,fd=24,opaque=RDWR:/var/lib/libvirt/images/fc14-x86_64.img > -drive file=/dev/fdset/1,if=none,id=drive-ide0-0-0,format=raw > > old: -chardev tty,id=charserial0,path=/dev/ttyS0 > new: -add-fd set=2,fd=30,opaque=/dev/ttyS0 > -chardev tty,id=charserial0,path=/dev/fdset/1 > > old: -chardev pipe,id=charserial1,path=/tmp/testpipe > new: -add-fd set=3,fd=32,opaque=/tmp/testpipe > -chardev pipe,id=charserial1,path=/dev/fdset/2 Still, this looks interesting, and the framework it sets up looks like it will be reusable as we start thinking about fd passing and implications on hotplug. > > Test cases are part of this patch now. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> > > --- > v8->v9: > - adapted to recent changes in qemu_command.c I'm still working on my reply to the actual contents... -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list