Hi Daniel,

Thanks for comments and examples.

As you already know, any application running on the Host platform can 
communicate with the Guest through the Virtio-Serial device. What we are 
looking at is that the security provided by AppArmor is crucial, so that the 
Host will not allow any software running in the Guest to access anything 
outside of the directories/files dynamically added in the libvirt-qemu 
configuration file of AppArmor.

As this file is created dynamically from the Libvirt XML file, we are thinking 
that if we can expose the Virtio-serial device of the Guest through the 
Dashboard [Horizon], then it will be good from a host security perspective, and 
it is also up to the User to enable the virtio-serial interface based on his 
requirements, such as an application software requirement in the Guest.

Appreciate your comments or suggestions on this.

Regards,
Balaji.P
-----Original Message-----
From: Daniel P. Berrange [mailto:berra...@redhat.com] 
Sent: Thursday, September 26, 2013 1:41 PM
To: P Balaji-B37839
Cc: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova 
libvirt driver

On Thu, Sep 26, 2013 at 03:05:16AM +0000, P Balaji-B37839 wrote:
> Hi Ravi,
> 
> We did this as part of a PoC a few months back.
> 
> Daniel can give us more comments on this as he is the lead for Libvirt 
> support in Nova.

Just adding the ability to expose virtio-serial devices to the guest doesn't do 
much. You need to have a credible story for what connects and deals with the 
host side of the device in Nova. For the QEMU guest agent, libvirt will own the 
host side and use it for various APIs it supports. For the SPICE agent, QEMU 
owns the host side and uses it to support functionality used by the SPICE 
client.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
