[fedora-virt] libguestfs best practices: Exposing files from the host for the duration of a session

[Daniel P. Berrange]

On Fri, May 29, 2009 at 12:10:05PM +0100, Richard W.M. Jones wrote:
> On Fri, May 29, 2009 at 03:13:10AM -0700, Ask Bjørn Hansen wrote:
> > On May 29, 2009, at 2:44, Richard W.M. Jones wrote:
> >> If we put an FTP server inside the appliance, things are better.  FTP
> >> clients are widely available, either standalone or as libraries for
> >> many programming languages.  They just need to be able to make a TCP
> >> connection, so there is no requirement for special privileges.  On the
> >> server side (inside the appliance) the FTP server is running as "root"
> >> so it can make arbitrary changes to the filesystem.
> >
> > Please make FTP die already!  :-)
> >
> > How about HTTP (WebDAV) or - better - just use the ssh file transfer  
> > protocol?
> 
> ssh isn't too widely supported (from programming language libraries).
> Does libssh2 even support scp?
> 
> WebDAV is possible, but it comes down to how much crap it will depend
> upon, all of which needs to go into the appliance.
> 
> FTP is widely supported and well understood, and the servers are old,
> small, self-contained code.  I really think it's better for this, and
> not just because I once wrote an FTP server ...

I tend to agree with this - ssh is overkill here - the host <->guest
channel is already secure by virtue of using vmchannel, so using ssh
is not really required. FTP is a really easy to implement, low overhead
protocol that'd fit nicely here. I can't really think of what WebDAV
would do for this use case that FTP can't do in a simpler manner.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|