Re: [RFC] Unify KVM kernel-space and user-space code into a singleproject

[oerg Roedel]

On Mon, Mar 22, 2010 at 01:23:26PM +0000, Richard W.M. Jones wrote:
> On Mon, Mar 22, 2010 at 01:05:13PM +0000, Daniel P. Berrange wrote:
> > This is close to the way libguestfs already works. It boots QEMU/KVM pointing
> > to a minimal stripped down appliance linux OS image, containing a small agent
> > it talks to over some form of vmchannel/serial/virtio-serial device. Thus the
> > kernel in the appliance it runs is the only thing that needs to know about the
> > filesystem/lvm/dm on-disk formats - libguestfs definitely does not want to be
> > duplicating this detailed knowledge of on disk format itself. It is doing
> > full read-write access to the guest filesystem in offline mode - one of the
> > major use cases is disaster recovery from a unbootable guest OS image.
> 
> As Dan said, the 'daemon' part is separate and could be run as a
> standard part of a guest install, talking over vmchannel to the host.
> The only real issue I can see is adding access control to the daemon
> (currently it doesn't need it and doesn't do any).  Doing it this way
> you'd be leveraging the ~250,000 lines of existing libguestfs code,
> bindings in multiple languages, tools etc.

I think we don't need per-guest-file access control. Probably we could
apply the image-file permissions to all guestfs files. This would cover
the usecases:

	* perf for reading symbol information (needs ro-access only
	  anyway)
	* Desktop like host<->guest file copy

I have not looked into libguestfs yet but I guess this approach is
easier to achieve.

	Joerg

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/