qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v4 0/6] Efficient VM backup for qemu


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v4 0/6] Efficient VM backup for qemu
Date: Fri, 22 Feb 2013 14:07:11 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

Il 22/02/2013 14:02, Dietmar Maurer ha scritto:
> 
>>>>> Why is this needed?
>>> Security? I don't want that another process can write nonsense into my
>> backup.
>>
>> They can already write nonsense to your iSCSI target, can't they?
> 
> I am more concerned about software bugs. You need to find a free port, and 
> then pass that port to kvm. If the original server dies, it is likely that 
> another
> process start using the same port ...

Hardly specific to this case, but indeed you're right.

>> But you can always sandbox using SELinux, if you care about that, or use a 
>> Unix
>> socket + SCM_CREDENTIALS.
> 
> unix sockets works with qemu nbd code?

Sure.  nbd+unix:///exportname?socket=path is the new URI syntax, I
honestly forgot the old one.  SCM_CREDENTIALS checks (qemu-nbd --pid or
something like that) is not supported, but patches would be very welcome.

Paolo




reply via email to

[Prev in Thread] Current Thread [Next in Thread]