[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans



On Fri, Sep 21, 2018 at 06:04:23PM +0100, George Dunlap wrote:
> +## Migration
> +
> +When calling xen-save-devices-state, since QEMU is running in a chroot
> +it is not useful to pass a filename (it doesn't even have write access
> +inside the chroot). Instead, give it an open fd using the add-fd
> +mechanism.

That describe an issue only on save. The restore part of a migration
also have an issue:

On restore, QEMU signal to libxl that it is ready only after priviledge
restriction have been put in place (and after or when it receive the
migration data). But xenstore isn't available anymore, so restore fails
from libxl point-of-view.


Or maybe you describe here an issue that would arise when an hypothetic
chroot is apply. But the migration issue describe here still apply
without chroot and with only -runas, the path libxl give to QEMU is
accessible by root only.


> diff --git a/docs/features/qemu-deprivilege.pandoc 
> b/docs/features/qemu-deprivilege.pandoc
> new file mode 100644
> index 0000000000..b377076606
> --- /dev/null
> +++ b/docs/features/qemu-deprivilege.pandoc
[...]
> +# Technical details
> +
> +See docs/design/qemu-deprivilege.txt for technical details.

Right now, this doc have the ".md" suffix, not ".txt", I don't know if
that matter.


-- 
Anthony PERARD

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.