[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: Add spice vdagent support for upstream qemu

To: "fantonifabio@xxxxxxxxxx" <fantonifabio@xxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Mon, 22 Apr 2013 13:11:44 +0100
Cc: Fabio Fantoni <fabio.fantoni@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Stefano Stabellini <Stefano.Stabellini@xxxxxxxxxxxxx>
Delivery-date: Mon, 22 Apr 2013 12:12:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2013-03-26 at 17:42 +0000, Fabio Fantoni wrote:
> Il 26/03/2013 17:30, Ian Jackson ha scritto:
> > Fabio Fantoni writes ("Re: [PATCH] libxl: Add spice vdagent support for 
> > upstream qemu"):
> >> Spice for now not have very good documentation, his documentation is
> >> mainly on kvm even if is working also without kvm, I used vdagent for
> >> one year manually without problem on xen, it provide some very useful (I
> >> think essential) functions.
> >> For small and fast description about it probably the description of this
> >> package is good:
> >> http://packages.debian.org/wheezy/spice-vdagent
> > Hmmm.
> >
> > Does this then pass more things through to the guest ?  Is there any
> > security risk to the host ?  This is I'm afraid unclear, and is why
> > I'm hesitating.

> I think there aren't security risk for host because these are only 
> operation done between spice client and guest os if this channel is 
> present on qemu of guest and agent is installed on guest os.

Looks like (from http://spice-space.org/page/Whiteboard/AgentProtocol)
this protocol supports things like clipboard sharing, which may or may
not be what the person starting the VM wants depending on who they are
allowing to access the VM remotely.

So I think at a minimum this needs to only be optionally added to the
guest, and probably to default to off even if spice is enabled.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: Re: [Xen-devel] [PATCH v2] tools/tests/mem-sharing/memshrtool share-all test
Next by Date: Re: [Xen-devel] [PATCH v3 0/11] Rename/remove IS_PRIV
Previous by thread: Re: [Xen-devel] [PATCH v2] tools/tests/mem-sharing/memshrtool share-all test
Next by thread: [Xen-devel] [PATCH] xenballoond: remove as it is now obsolete + unsupported code
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.