|
| From: | Wainer dos Santos Moschetta |
| Subject: | Re: [PATCH 0/1] Allow to build virtiofsd without the entire tools |
| Date: | Tue, 2 Feb 2021 09:48:38 -0300 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 |
Hi,
Il lun 1 feb 2021, 22:15 Wainer dos Santos Moschetta <wainersm@redhat.com> ha scritto:
Not too long ago (QEMU 5.0) it was possible to configure with --disable-tools
and still have virtiofsd built. With the recent port of the build system to
Meson, it is now built together with the tools though.
The Kata Containers [1] project build QEMU with --disable-tools to decrease the
attack surface
---enable-tools only adds separate executables, therefore it can't add to the attack surface of the emulators. So this is misleading.
You are right, Paolo, thanks for the comment. I meant to say the
project avoid installing unneeded binaries on the system, extra
files which may be subject to CVEs and force a sysadmin to handle
them. I hope this clarifies my point.
Thanks!
Wainer
That said, it does make sense to let --enable-virtiofsd override --disable-tools, and the same in the other direction too.
Paolo
Side note: in a private chat with Stefan Hajnoczi he come up with the idea
that perhaps --disable-tools could be like --without-default-features where
one can add back on feature-by-feature basis. This is outside the scope of this
series but I thought in sharing because IMHO it is deserves a discussion.
[1] https://katacontainers.io
Wainer dos Santos Moschetta (1):
virtiofsd: Allow to build it without the tools
tools/meson.build | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
2.29.2
| [Prev in Thread] | Current Thread | [Next in Thread] |