On Fri, Oct 18, 2019 at 11:16:16AM -0500, Eric Blake wrote:
On 10/18/19 10:38 AM, Richard W.M. Jones wrote:
> On platforms which support it (only Linux currently) nbdkit can act as
> a vsock server. Guests running on the host see a raw NBD socket which
> they can connect to by opening an AF_VSOCK connection. (Although only
> libnbd supports this.)
>
> The current limitations are:
>
> * nbdkit can only act as a host (cid == VMADDR_CID_HOST == 2).
How hard would it be to allow a different cid to run a server on the guest
and client on the host?
>
> * There is no access control. Any guest which has vsock enabled can
> open the socket.
Well, there's TLS if you need it.
Encryption is overkill really.
At some point in the future it is probably worth integrating support for
SASL auth into the NBD protocol. It is complementary to TLS and can be
used on its own if no encryption is needed.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
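
The following is an added example, not part of the thread and not nbdkit or libnbd code: a check run from inside a guest that opens the AF_VSOCK connection described above and asks the server, via the NBD newstyle option NBD_OPT_STARTTLS, whether it offers TLS. The cid value 2 comes from the thread; the port 10809 and all function names are assumptions, and the protocol constants are taken from the NBD protocol specification.

```python
import socket
import struct

# NBD newstyle handshake constants (NBD protocol specification).
NBDMAGIC = b"NBDMAGIC"
IHAVEOPT = b"IHAVEOPT"
REPLY_MAGIC = 0x3E889045565A9
NBD_FLAG_FIXED_NEWSTYLE = 1 << 0
NBD_OPT_STARTTLS = 5
NBD_REP_ACK = 1

def parse_greeting(data: bytes) -> int:
    """Validate the 18-byte server greeting and return its handshake flags."""
    if len(data) != 18 or data[:8] != NBDMAGIC or data[8:16] != IHAVEOPT:
        raise ValueError("not an NBD newstyle greeting")
    (flags,) = struct.unpack(">H", data[16:18])
    return flags

def starttls_request() -> bytes:
    """Client flags (fixed newstyle) followed by an empty NBD_OPT_STARTTLS."""
    return struct.pack(">I", 1) + IHAVEOPT + struct.pack(">II", NBD_OPT_STARTTLS, 0)

def server_offers_tls(reply: bytes) -> bool:
    """True only if the 20-byte option reply header acknowledges STARTTLS."""
    magic, option, rep_type, _length = struct.unpack(">QIII", reply)
    if magic != REPLY_MAGIC or option != NBD_OPT_STARTTLS:
        raise ValueError("unexpected option reply")
    return rep_type == NBD_REP_ACK

def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes or fail if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def probe(cid: int = 2, port: int = 10809) -> bool:
    """Run inside a guest; the port default is an assumption, cid 2 is the host."""
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as s:
        s.connect((cid, port))
        flags = parse_greeting(recv_exact(s, 18))
        if not flags & NBD_FLAG_FIXED_NEWSTYLE:
            return False  # server cannot reject options cleanly; treat as no TLS
        s.sendall(starttls_request())
        # The socket is closed after the reply; no TLS handshake is attempted.
        return server_offers_tls(recv_exact(s, 20))
```

A `False` result from `probe()` means any guest with vsock enabled reaches the export in cleartext with no authentication step, which is the limitation discussed in the thread.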