On 01/27/2010 11:54 AM, Sridhar Samudrala wrote:
I too think that we should not block raw backend in qemu just because of
security reasons. It should be perfectly fine to use raw backend in
scenarios where qemu can be run as a privileged process.
libvirt need not support raw backend until we figure out a secure way to
start qemu when passing raw fd. using network namespaces seems like a
good option.
Introducing something that is known to be problematic from a security
perspective without any clear idea of what the use-case for it is is a
bad idea IMHO.
Regards,
Anthony Liguori
Thanks
Sridhar
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
