From Fedora Project Wiki

(start on the next issue)
Line 6: Line 6:
Contributing Writer: [[DaleBewley | Dale Bewley]]
Contributing Writer: [[DaleBewley | Dale Bewley]]


=== Enterprise Management Tools List ===
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/et-mgmt-tools et-mgmt-tools list]


 
=== Fedora Virtualization List ===
 
 
=== Libvirt List ===
This section contains the discussion happening on the
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/libvir-list libvir-list].
[http://www.redhat.com/mailman/listinfo/fedora-virt fedora-virt list].


==== sVirt 0.30 Released ====
==== New Virtualization Wiki Pages ====
[[JamesMorris|James Morris]] announced[1] "the release of v0.30 of <code>sVirt</code>[2], a project to add security labeling support to Linux-based virtualization.
[[MarkMcLoughlin|Mark McLoughlin]] has been busy revising[1] existing, creating
new, and archiving[2] old Fedora Virtualization wiki pages. You can help[3].


[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00158.html
[1] http://fedoraproject.org/wiki/Category:Virtualization


[2] http://selinuxproject.org/page/SVirt
[2] http://fedoraproject.org/wiki/Category:Virtualization_archive


==== sVirt Qemu Hurdles ====
[3] http://fedoraproject.org/wiki/Help:Editing#Gaining_Edit_Access
[[DanielWalsh|Daniel J Walsh]] began to work on the svirt lock down of the <code>qemu</code> process, and
saw[1] a problem with "the {{package|qemu}} binaries are being used to both setup the guest image
environment and then to run the guest image."


"The problem with this is the act of installing an image or setting up
==== Fedora 11 Virtualization Features ====
the environment an image runs within requires much more privileges then
[[MarkMcLoughlin|Mark McLoughlin]] announced[1] the virtualization features
actually running the image."
in development for [[Releases/11 | Fedora 11]].


"SELinux runs best when one processes forks/execs another process this
* [[Features/VirtVNCAuth|VirtVNCAuth]]
allows us to run the two processes under different labels. Each process
: Define a mapping of SASL authentication into the VNC protocol, and implement it for <code>QEMU</code> and <code>GTK-VNC</code>, providing strongly authenticated, securely encrypted remote access of virtual guest consoles.
with the privileges required to run."


[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00198.html
* [[Features/KVM_PCI_Device_Assignment|KVM PCI Device Assignment]]
: Assign PCI devices from your <code>KVM</code> host machine to guest virtual machines. A common example is assigning a network card to a guest.


==== Fine Grained Access Controls ====
* [[Features/KVM_and_QEMU_merge|KVM and QEMU Merge]]
[[KonradEriksson|Konrad Eriksson]] desired[1] is "an addition[2] to {{package|libvirt}} that enables access control on individual actions and data that can be accessed through the library API.  This could take the form of an AC-module that, based on the identity of the caller, checks each call and grants/denies access to carry out the action (could also take parameters in account) and optionally filter the return data.  The AC-module could then interface different backend AC solutions (SELinux, RBAC, ...) or alternatively implement an internal scheme."
: Combine the {{package|kvm}} and {{package|qemu}} packages into a single package.


[[DanielBerrange|Daniel P. Berrange]] pointed[3] out how this relates
[1] http://www.redhat.com/archives/fedora-virt/2009-January/msg00024.html
to <code>sVirt</code>. "At this stage <code>sVirt</code> is primarily about protecting guests from each other, and protecting the host from guests.  Konrad's suggestions are about protecting guests/hosts from administrators, by providing more fine grained control over what libvirt APIs an admin can invoke & on what objects.  Both bits of work are required & are complementary to each other."


[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00282.html
=== Fedora Xen List ===
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/fedora-xen fedora-xen list].


[2] http://wiki.libvirt.org/page/TodoFineGrainedSecurity
=== Libvirt List ===
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/libvir-list libvir-list].


[3] http://www.redhat.com/archives/libvir-list/2009-January/msg00362.html
=== oVirt Devel List ===
 
This section contains the discussion happening on the
==== Configuring Host Interfaces RFC ====
[http://www.redhat.com/mailman/listinfo/ovirt-devel ovirt-devel list].
[[DavidLutterkort|David Lutterkort]] composed[1] an RFC beginning
"For certain applications, we want {{package|libvirt}} to be able to configure host
network interfaces in a variety of ways; currently, we are most
interested in teaching <code>libvirt</code> how to set up ordinary ethernet
interfaces, bridges, bonding and vlan's.
Below is a high-level proposal of how that could be done. Please comment
copiously ;)"
 
Adding this type of support struck some as a complex open-ended prospect.
[[JohnLevon|John Levon]] argued[2] "We should be considering why <code>libvirt</code> is /well-placed/ to configure the
host. I think it should be pretty clear that it's actually not: the
problems around distro differences alone is a good indication. The
proposed API is anaemic enough to not be of much use. This is way beyond carving out the physical system into virtual chunks
and it's a big step towards lib*virt* becoming libmanagement."
 
[[DanielBerrange|Daniel P. Berrange]] countered[3]
"The existance of many different [implementations] is exactly the reason for <code>libvirt</code>
to have this capability. <code>Libvirt</code> is providing a consistent mgmt API
for management of guests and host networking interfaces is as much a
part of this as the storage management. <code>Libvirt</code> is providing this
capability across virtualization technology." Also saying[4] "Network interface APIs are the core missing piece of <code>libvirt</code> API functionality IMHO."
 
[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00350.html
 
[2] http://www.redhat.com/archives/libvir-list/2009-January/msg00398.html
 
[3] http://www.redhat.com/archives/libvir-list/2009-January/msg00403.html
 
[4] http://www.redhat.com/archives/libvir-list/2009-January/msg00414.html
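
Review bot: The added "=== Fedora Virtualization List ===" section covers the fedora-virt list, but the beat's introductory sentence still names only the et-mgmt-tools, fedora-xen, libvirt and ovirt-devel lists; add fedora-virt there so the introduction matches the sections that follow. The et-mgmt-tools section sentence also ends without a period, unlike the corresponding sentence in the other four sections.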

Revision as of 17:05, 24 January 2009

Virtualization

In this section, we cover discussion of Fedora virtualization technologies on the @et-mgmt-tools-list, @fedora-xen-list, @libvirt-list and @ovirt-devel-list.

Contributing Writer: Dale Bewley

Enterprise Management Tools List

This section contains the discussion happening on the et-mgmt-tools list.

Fedora Virtualization List

This section contains the discussion happening on the fedora-virt list.

New Virtualization Wiki Pages

Mark McLoughlin has been busy revising[1] existing, creating new, and archiving[2] old Fedora Virtualization wiki pages. You can help[3].

[1] http://fedoraproject.org/wiki/Category:Virtualization

[2] http://fedoraproject.org/wiki/Category:Virtualization_archive

[3] http://fedoraproject.org/wiki/Help:Editing#Gaining_Edit_Access

Fedora 11 Virtualization Features

Mark McLoughlin announced[1] the virtualization features in development for Fedora 11.

VirtVNCAuth: Define a mapping of SASL authentication into the VNC protocol, and implement it for QEMU and GTK-VNC, providing strongly authenticated, securely encrypted remote access of virtual guest consoles.
KVM PCI Device Assignment: Assign PCI devices from your KVM host machine to guest virtual machines. A common example is assigning a network card to a guest.
KVM and QEMU Merge: Combine the kvm and qemu packages into a single package.

[1] http://www.redhat.com/archives/fedora-virt/2009-January/msg00024.html

Fedora Xen List

This section contains the discussion happening on the fedora-xen list.

Libvirt List

This section contains the discussion happening on the libvir-list.

oVirt Devel List

This section contains the discussion happening on the ovirt-devel list.