[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans

To: George Dunlap <george.dunlap@xxxxxxxxxx>
From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Date: Tue, 25 Sep 2018 12:20:01 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 25 Sep 2018 11:20:15 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Sep 21, 2018 at 06:04:23PM +0100, George Dunlap wrote:
> +## Migration
> +
> +When calling xen-save-devices-state, since QEMU is running in a chroot
> +it is not useful to pass a filename (it doesn't even have write access
> +inside the chroot). Instead, give it an open fd using the add-fd
> +mechanism.

That describe an issue only on save. The restore part of a migration
also have an issue:

On restore, QEMU signal to libxl that it is ready only after priviledge
restriction have been put in place (and after or when it receive the
migration data). But xenstore isn't available anymore, so restore fails
from libxl point-of-view.

Or maybe you describe here an issue that would arise when an hypothetic
chroot is apply. But the migration issue describe here still apply
without chroot and with only -runas, the path libxl give to QEMU is
accessible by root only.

> diff --git a/docs/features/qemu-deprivilege.pandoc 
> b/docs/features/qemu-deprivilege.pandoc
> new file mode 100644
> index 0000000000..b377076606
> --- /dev/null
> +++ b/docs/features/qemu-deprivilege.pandoc
[...]
> +# Technical details
> +
> +See docs/design/qemu-deprivilege.txt for technical details.

Right now, this doc have the ".md" suffix, not ".txt", I don't know if
that matter.

-- 
Anthony PERARD

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans
  - From: George Dunlap

References:
- [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [PATCH] SUPPORT.md: Clarify stubdomain support
Next by Date: [Xen-devel] [xen-unstable-smoke test] 128048: regressions - FAIL
Previous by thread: Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans
Next by thread: Re: [Xen-devel] [PATCH v2 1/6] docs/qemu-deprivilege: Revise and update with status and future plans
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.