John Snow <js...@redhat.com> writes:

> On 12/24/19 8:00 AM, Daniel P. Berrangé wrote:
>> Based on experience in libvirt, this is an even larger job than (4),
>> as the feature set here is huge. Much of it directly ties into the
>> config problem, as to deal with SELinux / namespace setup the code
>> needs to understand what resources to provide access to. This
>> requires a way to express 100% coverage of all QEMU configuration
>> in use & analyse it to determine what resources it implies. So this
>> ties strongly into QAPI-ification completion.
>
> Is it totally bonkers to suggest that QEMU provide a method of digesting
> a given configuration and returning a configuration object that a
> standalone jailer can use?
>
> So we have a QEMU manager, the generic jailer, and QEMU. QEMU and the
> manager cooperate to produce the jailing configuration, and the jailer
> does what we ask it to.
>
> Nuts?

With the nuts-o-meter calibrated for QEMU CLI: nope, this hardly moves the needle.