On 03/02/11 11:56, Dor Laor wrote: > On 03/02/2011 12:25 PM, Jes Sorensen wrote: >> On 03/01/11 15:25, Dor Laor wrote: >> Using shared memory this way should allow us to implement the video >> clients without performance loss, in fact it should be beneficial since >> it would allow them to run fully separate from the host daemon. > > Why do you call it a daemon? Each VM instance should have only one, the > 'host daemon' naming is misleading.
I refer to it as a daemon because it is something the client(s) will connect to. But yes, there will be a daemon per VM. > The proper solution long term is to sandbox qemu in a way that there > privileged mode and non privileged mode. It might be implemented using > separate address space or not. Most operations like vnc/rpc/spice/usb > should be run with less privileges. > > The main issue is that doing it right will take time and we'll want > virt-agent be merged before the long term solution is ready. The best > approach would be gradual development Yes I agree, I don't think this will happen overnight, and blocking virtagent with this would be bad. Cheers, Jes
