On 7/20/07, James Morris <[EMAIL PROTECTED]> wrote:
On Fri, 20 Jul 2007, Daniel P. Berrange wrote:
> It could be - if your put the policy at the control API layer instead of
> in QEMU itself.
I think that libvirt may be a bit too high in the virtualization stack
for this control.
What benefits are there for placing such a hook in libvirt vs qemu?
libvirt could still use the vm:entrypoint permission for other types
of VMs it manages.
Then you can bypass MAC security by invoking qemu directly.
- James
--
James Morris
<[EMAIL PROTECTED]>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
kvm-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kvm-devel
