Il 22/02/2013 12:51, Dietmar Maurer ha scritto: >> You can also use the named-export support. Something like >> > >> > --nbd=127.0.0.1:1235 >> > --blockdev=virtio-drive0 --blockdev=virtio-drive1 --blockdev=ide0-hd0 >> > >> > etc. >> > >> > Then QEMU can migrate to nbd://127.0.0.1:1235/virtio-drive0. >> > >>> > > Or how can we guarantee that only one kvm process can write to that NBD >> > device? >> > >> > Why is this needed? > Security? I don't want that another process can write nonsense into my backup.
They can already write nonsense to your iSCSI target, can't they? But you can always sandbox using SELinux, if you care about that, or use a Unix socket + SCM_CREDENTIALS. Paolo
