On Mon, Jan 5, 2026 at 2:06 AM Daniel P. Berrangé <[email protected]> wrote: > > On Sun, Dec 28, 2025 at 02:38:38PM -0800, Mitchel Humpherys wrote: > > Introduce a new QEMU hook operation "stop" that is called before a > > domain is terminated (via virsh shutdown or virsh destroy). This allows > > external scripts to perform cleanup or veto the stop process by > > returning a non-zero exit code. The hook is called as: > > IMHO this idea is conceptually flawed. We cannot guarantee to veto a > stop process because the guest OS itself can shutdown and/or crash at > any time, and libvirt can't prevent it doing that. So this hook is > only able to veto a shutdown initiated by a host admin. At that point > this looks rather like an access control mechanism, and we already have > that available with our API access control system. So IMHO only the > existing "stopped" hook makes conceptual sense.
Makes sense... Thanks for taking a look. I'm looking into the polkit ACL stuff now, which I didn't even know existed! Mitch
