On 01/27/2010 11:54 AM, Sridhar Samudrala wrote:
I too think that we should not block raw backend in qemu just because of security reasons. It should be perfectly fine to use raw backend in scenarios where qemu can be run as a privileged process. libvirt need not support raw backend until we figure out a secure way to start qemu when passing raw fd. using network namespaces seems like a good option.
Introducing something that is known to be problematic from a security perspective without any clear idea of what the use-case for it is is a bad idea IMHO.
Regards, Anthony Liguori
Thanks Sridhar
-- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
