On 03/11/2013 05:36 PM, Eric Blake wrote:
> On 03/07/2013 11:14 AM, Stefan Berger wrote:
>> <serial type='dev'>
>>   <source path='/dev/ttyS0'/>
>>   <target port='0'/>
>> </serial>
>> <serial type='pipe'>
>>   <source path='/tmp/testpipe'/>
>>   <target port='1'/>
>> </serial>
> And here, these files support SELinux labeling, so maybe fd passing is
> overkill, other than proof of concept that we are doing fd passing
> correctly. So, I'm debating on how much of this patch needs to be
> applied, or whether we should split it into smaller chunks to ease
> backporting of some portions to older libvirt without dragging in
> everything.
I misinterpreted your fd-passing related comments on TPM support for
QEMU and thought that this is where you wanted to move in general, also
thinking that seccomp support for eliminating open() must be one goal.
Actually, while I wrote this patch I also had a part that passed the
monitor via fd to QEMU, but obviously there is no support for this. This
could possibly eliminate the socket() call from QEMU. Knocking out the open
and socket syscalls would then become dependent on which devices are
used by QEMU (I suppose some devices still require open to be called in
the path somewhere), thus making this configuration-dependent and
likely difficult to test. I guess the use-case where no SELinux support
is available is weak or non-existent, so that seccomp would need to be used.
Stefan