On Mon, Feb 27, 2017 at 10:30:33AM -0500, Artom Lifshitz wrote: > > - virtio-vsock - think of this as UNIX domain sockets between the host and > > guest. This is to deal with the valid use case of people wanting to use > > a network protocol, but not wanting an real NIC exposed to the guest/host > > for security concerns. As such I think it'd be useful to run the metadata > > service over virtio-vsock as an option. It'd likely address at lesat some > > people's security concerns wrt metadata service. It would also fix the > > ability to use the metadat service in IPv6-only environments, as we would > > not be using IP at all :-) > > Is this currently exposed by libvirt? I had a look at [1] and couldn't > find any mention of 'vsock' or anything that resembles what you've > described.
Not yet. The basic QEMU feature merged in 2.8.0, but we're still wiring up varous bits of userspace. eg selinux-policy, libvirt, nfs server, and so on to understand vsock Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :| __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
