> > > Hi Daniel,
> > >
> > > Thanks for comments and examples.
> > >
> > > As you already know that for any application running on Host
> > > platform can communicate with Guest through Virtio-Serial device.
> > > What we are looking at is the security provided by Apparmor is
> > > crucial so that the Host will not allow any software running in
> > > Guest can access outside of the directories/files dynamically added
> > > in the libvirt-qemue configuration file of apparmor.
> > >
> > > As this file is created dynamically from Libvirt XML file, we are
> > > thinking that if we can expose Virtio-serial device of Guest through
> > > Dashboard [Horizon], then it will be good from host security
> > > perspective and as well it is up to the User to enable virtio-serial
> > > interface based on his requirements like Application software
> > > requirement in Guest.
> >
> > This doesn't really answer my question. There are 2 commonly available
> > agents (SPICE agent + QEMU guest agent) in the KVM world and we have
> > support for those in Nova at least. There may be UI missing in Horizon
> > to enable though. Any further agents would require some kind of
> > software integration on the host with either qemu, libvirt or Nova
> > itself. So any blueprint should specify what that new agent is, and
> > how it will be integrated in the Nova compute host.
> >
> > [P Balaji-B37839] Correct. Nova has support for the commonly
> > available agents as listed above. We are thinking about generic
> > interface which can be used by any application software in Guest. More
> > precisely, it will be like there won't be any agent in VM, Instead any
> > Application Software can use this generic Virtio-Serial Interface to
> > make use of communicating with Host. Using libvirt framework might be
> > best option, so that security aspects of exposing this interface can be
> > taken care.
>
> Please fix your email client so that it properly indents text you are
> quoting with '> '. It makes it very hard to follow replies as you do it
> now.
>
> Communicating with *what* on the host ?

[P Balaji-B37839] Here *what* refers to any daemon/agent which is proprietary based on the Application architecture inside Guest using the Virtio-Serial Interface created for VM.

> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev