On 12/24/19 8:00 AM, Daniel P. Berrangé wrote: > Based on experiance in libvirt, this is an even larger job than (4), > as the feature set here is huge. Much of it directly ties into the > config problem, as to deal with SELinux / namespace setup the code > needs to understand what resources to provide access to. This > requires a way to express 100% coverage of all QEMU configuration > in use & analyse it to determine what resources it implies. So this > ties strongly into QAPI-ification completion. Is it totally bonkers to suggest that QEMU provide a method of digesting a given configuration and returning a configuration object that a standalone jailer can use? So we have a QEMU manager, the generic jailer, and QEMU. QEMU and the manager cooperate to produce the jailing configuration, and the jailer does what we ask it to. Nuts? --js
- Re: Making QEMU easier fo... John Snow
- Re: Making QEMU easier fo... Markus Armbruster
- Re: Making QEMU easier fo... John Snow
- Re: Making QEMU easier fo... Gerd Hoffmann
- Re: Making QEMU easier for ma... Daniel P . Berrangé
- Re: Making QEMU easier fo... Paolo Bonzini
- Tooling to help humans us... Markus Armbruster
- Re: Making QEMU easier fo... Markus Armbruster
- Re: Making QEMU easier for management ... Markus Armbruster
- Re: Making QEMU easier for management ... Christophe de Dinechin
- Re: Making QEMU easier for management tools and app... John Snow
- Re: Making QEMU easier for management tools an... Markus Armbruster
- Re: Making QEMU easier for management tools an... Daniel P . Berrangé
- Re: Making QEMU easier for management tool... John Snow
- Re: Making QEMU easier for management ... Daniel P . Berrangé
- Re: Making QEMU easier for management tools and app... Paolo Bonzini
- Re: Making QEMU easier for management tools and app... Paolo Bonzini
- Re: Making QEMU easier for management tools an... Markus Armbruster