Re: [libvirt] [Qemu-devel] Re: Libvirt debug API

On 04/26/2010 09:01 AM, Avi Kivity wrote: > On 04/26/2010 04:43 PM, Anthony Liguori wrote: >> The reason I lean toward the direct launch model is that it gives >> the user a lot of flexibility in terms of using things like >> namespaces, DAC, cgroups, capabilities, etc. A lot of potential >> features are lost when you do indirect launch because you have to >> teach the daemon how to support each of these features. > > But what's the alternative? Teach the user how to do all these things? You can expose layers of API. The lowest layer makes no changes to the security context. A higher (optional) layer could do dynamic labelling.

> It's infinitely flexible, but it's not an API you can give to a > management tool developer. I think the goal of a management API should be to make common things very simple to do but not preclude doing even the most advanced things.