On Tue, 2017-02-14 at 16:20 +0000, Daniel P. Berrange wrote:
> On the other hand, we really only care about having the ACL
> APIs when we are isolating QEMU, which only happens on Linux
> due to the namespaces requirement... So maybe we could have
> it as a strict requirement on Linux only, and as an optional
> dependency on other platforms?

IMHO it'd be better to just disable the namespace code at build
time if we don't have libacl rather than adding mandatory build
deps.

I'm afraid that might lead to people forgetting to install
libacl-devel[1] on Linux and ending up with less security
than expected / desired as a result.

Moreover, we're talking about a package which is literally
35k in size: I would be way more inclined to pay the price
in increased code complexity if we were not dealing with
what will basically end up as a rounding error on any
reasonable hypervisor host.

Not to mention systemd depends on it, so it will be part of
the core package set on most modern Linux distributions.

[1] I know I did while trying to figure this bug out ;)
--
Andrea Bolognani / Red Hat / Virtualization