Re: [libvirt] RFC: virt-console
On Tue, Jul 01, 2008 at 11:56:25AM -0400, Daniel Veillard wrote:
On Tue, Jul 01, 2008 at 04:21:38PM +0100, John Levon wrote:
>
> See implementation here:
>
> http://cr.opensolaris.org/~johnlev/virt-console/
>
> (inside libvirt.hg/patches/libvirt/virt-console)
Hum :-)
++ * Daniel Berrange <berrange(a)redhat.com>
++ *
++ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
> This splits virsh console into a separate binary to allow it to be
> setuid-root on Solaris (where we check permissions then drop privilege).
> It also fixes a number of RFEs
>
> This is against 0.4.0, so it's not ready for merging yet (I hope to get
> it forward ported at some point).
I may be mistaken but this seems to basically be limited to console
for domains running on the local machine, and hum, I doubt it's really
a good approach. Seems to me it's better to talk to the vnc (or other
protocol used to connect remotely) export of the console, and get rid
of the 'localhost only' limitation. But I may very well have missed
something.
This is the same limitation as the existing 'virsh console' - John's
merely splitting it into a separate binary, which is what I previously
suggested for making the solaris privilege separation work better in
the context of virsh.
It is also only intended to be used for the text console - we've already
got perfectly good clients for the remote graphical VNC console.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|