Re: [PATCH] Enhance perf to collect KVM guest os statistics fromhost side
From: Ingo Molnar
Date: Mon Mar 22 2010 - 06:38:15 EST
* oerg Roedel <joro@xxxxxxxxxx> wrote:
> > It can decide whether it exposes the files. Nor are there any "security
> > issues" to begin with.
>
> I am not talking about security. [...]
You were talking about security, in the portion of your mail that you snipped
out, and which i replied to:
> > 2. The guest can decide for its own if it want to pass this
> > inforamtion to the host-perf. No security issues at all.
I understood that portion to mean what it says: that your claim that your
proposal 'has no security issues at all', in contrast to my suggestion.
> [...] Security was sufficiently flamed about already.
All i saw was my suggestion to allow a guest to securely (and scalably and
conveniently) integrate/mount its filesystems to the host if both sides (both
the host and the guest) permit it, to make it easier for instrumentation to
pick up symbol details.
I.e. if a guest runs then its filesystem may be present on the host side as:
/guests/Fedora-G1/
/guests/Fedora-G1/proc/
/guests/Fedora-G1/usr/
/guests/Fedora-G1/.../
( This feature would be configurable and would be default-off, to maintain the
current status quo. )
i.e. it's a bit like sshfs or NFS or loopback block mounts, just in an
integrated and working fashion (sshfs doesnt work well with /proc for example)
and more guest transparent (obviously sshfs or NFS exports need per guest
configuration), and lower overhead than sshfs/NFS - i.e. without the
(unnecessary) networking overhead.
That suggestion was 'countered' by an unsubstantiated claim by Anthony that
this kind of usability feature would somehow be a 'security nighmare'.
In reality it is just an incremental, more usable, faster and more
guest-transparent form of what is already possible today via:
- loopback mounts on host
- NFS exports
- SMB exports
- sshfs
- (and other mechanisms)
I wish there was at least flaming about it - as flames tend to have at least
some specifics in them.
What i saw instead was a claim about a 'security nightmare', which was, when i
asked for specifics, was followed by deafening silence. And you appear to have
repeated that claim here, unwilling to back it up with specifics.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/