Re: libvirtd via unix socket using system uri

On Tue, 30 Apr 2019 at 16:43, Michal Privoznik <mprivozn@xxxxxxxxxx> wrote:
> Long story short, why bother with /system if you can't use it and not
> use /session instead?

Because according to the FAQ, /session isn't suitable for my use:
  • You will definitely want to use qemu:///system if your VMs are acting as servers. VM autostart on host boot only works for 'system' [Yes, my VMs are acting as servers]
  • the root libvirtd instance has necessary permissions to use proper networking via bridges or virtual networks. [Yes, I use OVS, with quite a complex bridge+VLAN system configured at boot]
  • qemu:///session has a serious drawback: [...] the only out of the box network option is qemu's usermode networking, which has nonobvious limitations, so its usage is discouraged.
(Source: https://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F.2F.2Fsystem_and_qemu:.2F.2F.2Fsession.3F_Which_one_should_I_use.3F)

So I have to use /system, according to the FAQ.  But it'd be nice to nail the daemon down to reduce the attack surface.

- Peter