On 12/24/19 8:00 AM, Daniel P. Berrangé wrote:
> Based on experience in libvirt, this is an even larger job than (4),
> as the feature set here is huge.  Much of it directly ties into the
> config problem, as to deal with SELinux / namespace setup the code
> needs to understand what resources to provide access to. This
> requires a way to express 100% coverage of all QEMU configuration
> in use & analyse it to determine what resources it implies. So this
> ties strongly into QAPI-ification completion.

Is it totally bonkers to suggest that QEMU provide a method of digesting
a given configuration and returning a configuration object that a
standalone jailer can use?

So we have a QEMU manager, the generic jailer, and QEMU. QEMU and the
manager cooperate to produce the jailing configuration, and the jailer
does what we ask it to.

Nuts?

--js

