[Openstack] [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

Daniel P. Berrange berrange at redhat.com
Tue Aug 14 20:49:42 UTC 2012


On Tue, Aug 14, 2012 at 11:30:29AM -0700, Matt Joyce wrote:
> I have to ask.  Wasn't FUSE designed to do a lot of this stuff?  It is
> userspace and it doesn't do nasty stuff to file systems.  Why aren't we
> going that route?

If you read earlier in this thread, you'll see that FUSE is what Nova
already uses, and is why we have this CVE.  From a non-security POV,
FUSE is actually quite inefficient since its operations have to map
strictly to POSIX compliant filesystem APIs. Using the libguestfs API
directly gives you better performance and more flexible APIs for
accomplishing many tasks.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



