Libguestfs - Mar 2010 - [RFC] Unify KVM kernel-space and user-space code into a single project

On Mon, Mar 22, 2010 at 02:56:47PM +0100, Ingo Molnar
wrote:
> Just curious: any plans to extend this to include live read/write access as
> well?
>
> I.e. to have the 'agent' (guestfsd) running universally, so that
> tools such as perf and by users could rely on the VFS integration as
> well, not just disaster recovery tools?
Totally.  That's not to say there is a definite plan, but we're very
open to doing this.  We already wrote the daemon in such a way that it
doesn't require the appliance part, but could run inside any existing
guest (we've even ported bits of it to Windoze ...).

The only remaining issue is how access control would be handled.  You
obviously wouldn't want anything in the host that can get access to
the vmchannel socket to start sending destructive write commands into
guests.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/

* Richard W.M. Jones <rjones at redhat.com> wrote:
> On Mon, Mar 22, 2010 at 02:56:47PM +0100, Ingo Molnar wrote:
> > Just curious: any plans to extend this to include live read/write
access as
> > well?
> >
> > I.e. to have the 'agent' (guestfsd) running universally, so
that
> > tools such as perf and by users could rely on the VFS integration as
> > well, not just disaster recovery tools?
> 
> Totally.  That's not to say there is a definite plan, but we're
very open to
> doing this.  We already wrote the daemon in such a way that it doesn't 
> require the appliance part, but could run inside any existing guest
(we've
> even ported bits of it to Windoze ...).
> 
> The only remaining issue is how access control would be handled.  You 
> obviously wouldn't want anything in the host that can get access to the
> vmchannel socket to start sending destructive write commands into guests.
By default i'd suggest to put it into a maximally restricted mount point.
I.e.
restrict access to only the security context running libguestfs or so.

( Which in practice will be the user starting the guest, so there will be 
  proper protection from other users while still allowing easy access to the 
  user that has access already. )

	Ingo