From: Anthony PERARD <anthony.perard@citrix.com>
To: George Dunlap <george.dunlap@citrix.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Tim Deegan <tim@xen.org>,
Ross Lagerwall <ross.lagerwall@citrix.com>,
Julien Grall <julien.grall@arm.com>,
Jan Beulich <jbeulich@suse.com>,
Ian Jackson <ian.jackson@citrix.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH] docs/qemu-deprivilege: Revise and update with status and future plans
Date: Fri, 23 Mar 2018 12:13:11 +0000
Message-ID: <20180323121311.GE2109@perard>
In-Reply-To: <20180322182437.936-1-george.dunlap@citrix.com>
On Thu, Mar 22, 2018 at 06:24:37PM +0000, George Dunlap wrote:
> +### Disks
> +
> +The chroot (and seccomp?) happens late enough such that QEMU can
> +initialize itself and open its disks. If you want to add a disk at run
> +time via or insert a CD, you can't pass a path because QEMU is
> +chrooted. Instead use the add-fd QMP command and use
> +/dev/fdset/<fdset-id> as the path.
> +
> +A further layer of restriction could be to set RLIMIT_NOFILES to '0',
> +and hand all disks over QMP.
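Review bot: The sentence "add a disk at run time via or insert a CD" in the Disks paragraph is missing the word after "via", so the reader cannot tell which interface is meant; name it. "(and seccomp?)" leaves an open question in the documentation text: either state when the seccomp filter is applied relative to disk opening or move the question to a TODO item. The resource limit is spelled RLIMIT_NOFILE, not RLIMIT_NOFILES. The last paragraph should also say how a limit of '0' interacts with run-time add-fd, since a descriptor received over QMP still needs a free slot in QEMU's descriptor table.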
The "add-fd" can work also on the command line. But I guess using only
QMP will be better from libxl point of view, only one code path to add
disks.
Also, with dm_restrict=1, another todo: qdisk backend doesn't work. We
probably need to start a second QEMU process for pv backends.
--
Anthony PERARD