On 03/24/2010 07:27 AM, Avi Kivity wrote:
On 03/24/2010 02:19 PM, Anthony Liguori wrote:
>> qemud
>> - daemonaizes itself
>> - listens on /var/lib/qemud/guests for incoming guest connections
>> - listens on /var/lib/qemud/clients for incoming client connections
>> - filters access according to uid (SCM_CREDENTIALS)
>> - can pass a new monitor to client (SCM_RIGHTS)
>> - supports 'list' command to query running guests
>> - async messages on guest startup/exit
>
>
> Then guests run with the wrong security context.
Why? They run with the security context of whoever launched them
(could be libvirtd).
Because it doesn't have the same security context as qemud and since
clients have to connect to qemud, qemud has to implement access control.
It's far better to have the qemu instance advertise itself such that and
client connects directly to it. Then all of the various authorization
models will be applied correctly to it.
Regards,
Anthony Liguori