[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: Add spice vdagent support for upstream qemu

On Tue, 2013-03-26 at 17:42 +0000, Fabio Fantoni wrote:
> Il 26/03/2013 17:30, Ian Jackson ha scritto:
> > Fabio Fantoni writes ("Re: [PATCH] libxl: Add spice vdagent support for 
> > upstream qemu"):
> >> Spice for now not have very good documentation, his documentation is
> >> mainly on kvm even if is working also without kvm, I used vdagent for
> >> one year manually without problem on xen, it provide some very useful (I
> >> think essential) functions.
> >> For small and fast description about it probably the description of this
> >> package is good:
> >> http://packages.debian.org/wheezy/spice-vdagent
> > Hmmm.
> >
> > Does this then pass more things through to the guest ?  Is there any
> > security risk to the host ?  This is I'm afraid unclear, and is why
> > I'm hesitating.

> I think there aren't security risk for host because these are only 
> operation done between spice client and guest os if this channel is 
> present on qemu of guest and agent is installed on guest os.

Looks like (from http://spice-space.org/page/Whiteboard/AgentProtocol)
this protocol supports things like clipboard sharing, which may or may
not be what the person starting the VM wants depending on who they are
allowing to access the VM remotely.

So I think at a minimum this needs to only be optionally added to the
guest, and probably to default to off even if spice is enabled.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.