On Thursday 28 January 2010, Anthony Liguori wrote:
> normal user uses libvirt to launch custom qemu instance. libvirt passes
> an fd of a raw socket to qemu and puts the qemu process in a restricted
> network namespace. user has another program running listening on a unix
> domain socket and does something to the qemu process that causes it to
> open the domain socket and send the fd it received from libvirt via
> SCM_RIGHTS.
I looked at the af_unix code and it seems to suggest that this is not
possible, because you cannot bind to a socket that belongs to a different
network namespace. I haven't tried it though, so I may have missed
something.
Arnd
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
