From Fedora Project Wiki

< FWN‎ | Beats
 
(299 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Virtualization]] <!-- do not copy into FWN issue -->
{{Anchor|Virtualization}}
{{Anchor|Virtualization}}


== Virtualization ==
== Virtualization ==
In this section, we cover discussion on the @et-mgmnt-tools-list, @fedora-xen-list, @libvirt-list and @ovirt-devel-list of Fedora virtualization technologies.  
In this section, we cover discussion of Fedora virtualization technologies on the
 
@fedora-virt list.
Contributing Writer: [[DaleBewley | Dale Bewley]]
 


Contributing Writer: [[User:Dale | Dale Bewley]]


=== Fedora Xen List ===
=== Fedora Virtualization List ===
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/fedora-xen fedora-xen list].
 
=== Libvirt List ===
This section contains the discussion happening on the
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/libvir-list libvir-list].
[http://www.redhat.com/mailman/listinfo/fedora-virt fedora-virt list].
 
==== sVirt 0.30 Released ====
[[JamesMorris|James Morris]] announced[1] "the release of v0.30 of <code>sVirt</code>[2], a project to add security labeling support to Linux-based virtualization.
 
[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00158.html
 
[2] http://selinuxproject.org/page/SVirt
 
==== sVirt Qemu Hurdles ====
[[DanielWalsh|Daniel J Walsh]] began to work on the svirt lock down of the <code>qemu</code> process, and
saw[1] a problem with "the {{package|qemu}} binaries are being used to both setup the guest image
environment and then to run the guest image."


"The problem with this is the act of installing an image or setting up
==== Virt Status Report ====
the environment an image runs within requires much more privileges then
[[JustinForbes|Justin Forbes]]
actually running the image."
posted<ref>http://www.redhat.com/archives/fedora-virt/2009-December/msg00056.html</ref> a Fedora virtualization status report.
Justin pointed out F13 bugs<ref>http://fedoraproject.org/wiki/Virtualization_bugs</ref> now include Important and Pony classifications in addition to Blocker and Target.


"SELinux runs best when one processes forks/execs another process this
<references />
allows us to run the two processes under different labels. Each process
with the privileges required to run."


[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00198.html
==== RHEL and Fedora Virtualization Feature Parity ====
Robert Day wondered how the virtualization features<ref>http://www.redhat.com/virtualization/rhev/</ref> of Red Hat Enterprise Linux 5.4
compared to Fedora 12.


==== Fine Grained Access Controls ====
[[DanielBerrange|Daniel Berrange]]  
[[KonradEriksson|Konrad Eriksson]] desired[1] is "an addition[2] to {{package|libvirt}} that enables access control on individual actions and data that can be accessed through the library API.  This could take the form of an AC-module that, based on the identity of the caller, checks each call and grants/denies access to carry out the action (could also take parameters in account) and optionally filter the return data.  The AC-module could then interface different backend AC solutions (SELinux, RBAC, ...) or alternatively implement an internal scheme."
explained<ref>http://www.redhat.com/archives/fedora-virt/2009-December/msg00040.html</ref>
"The KVM based virtualization in RHEL-5.4 is not nearly so far behind
Fedora as you might think. The {{package|libvirt}} mgmt stack in RHEL-5.4 was
rebased to be near parity with [[Releases/11|Fedora 11]], and KVM in RHEL-5.4 is
also pretty close to that using what's best described as a hybrid of
kvm-83 and kvm-84."


[[DanielBerrange|Daniel P. Berrange]] pointed[3] out how this relates
<references />
to <code>sVirt</code>.  "At this stage <code>sVirt</code> is primarily about protecting guests from each other, and protecting the host from guests.  Konrad's suggestions are about protecting guests/hosts from administrators, by providing more fine grained control over what libvirt APIs an admin can invoke & on what objects.  Both bits of work are required & are complementary to each other."


[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00282.html


[2] http://wiki.libvirt.org/page/TodoFineGrainedSecurity
====  ====
<references />


[3] http://www.redhat.com/archives/libvir-list/2009-January/msg00362.html
====  ====
 
<references />
=== oVirt Devel List ===
This section contains the discussion happening on the
[http://www.redhat.com/mailman/listinfo/ovirt-devel ovirt-devel list].

Latest revision as of 18:09, 18 December 2009



Virtualization

In this section, we cover discussion of Fedora virtualization technologies on the @fedora-virt list.

Contributing Writer: Dale Bewley

Fedora Virtualization List

This section contains the discussion happening on the fedora-virt list.

Virt Status Report

Justin Forbes posted[1] a Fedora virtualization status report. Justin pointed out F13 bugs[2] now include Important and Pony classifications in addition to Blocker and Target.

  1. http://www.redhat.com/archives/fedora-virt/2009-December/msg00056.html
  2. http://fedoraproject.org/wiki/Virtualization_bugs

RHEL and Fedora Virtualization Feature Parity

Robert Day wondered how the virtualization features[1] of Red Hat Enterprise Linux 5.4 compared to Fedora 12.

Daniel Berrange explained[2] "The KVM based virtualization in RHEL-5.4 is not nearly so far behind Fedora as you might think. The Package-x-generic-16.pnglibvirt mgmt stack in RHEL-5.4 was rebased to be near parity with Fedora 11, and KVM in RHEL-5.4 is also pretty close to that using what's best described as a hybrid of kvm-83 and kvm-84."

  1. http://www.redhat.com/virtualization/rhev/
  2. http://www.redhat.com/archives/fedora-virt/2009-December/msg00040.html



Retrieved from "https://fedoraproject.org/w/index.php?title=FWN/Beats/Virtualization&oldid=142485"