On 09/04/2014 08:37 PM, bancfc@openmailbox.org wrote:

Hello. I am thinking about using the feature of passing through qemu commands via libvirt. Before I do that I want to make sure that it doesn't have negative security implications.

Only if the actions you do through the backdoor cause something to happen behind libvirt's back in a way that makes libvirt misbehave. It's enough of a risk that the interface is explicitly declared unsupported; but if you only use it for QMP query-* commands, which cannot change qemu state, and therefore cannot confuse libvirt, you probably have no security risk.

I understand that talking to qemu-kvm directly via commandline strips vms from having sVirt protections applied.

Is use of this feature the same case?

The domain is still started by libvirt, so sVirt is still in full force. Using virDomainQemuMonitorCommand is indeed a reasonable way to get through to the qemu monitor while still keeping the security labels intact. Where it gets tricky is what commands you use - better would be patching libvirt to support those actions as a proper supported API. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org