Enable socket-activation for qemu (improved systemd supervision)

Goal

I want to be able to have the systemd process supervisor launch a qemu instance when a client connects to one of the sockets that it expects to use.

This kind of "socket activation" offers at least two benefits:

  • the qemu process doesn't run at all until someone tries to interact with it (fewer resources consumed)
  • the process supervisor can open the listening sockets and potentially give them different ownership/permissions than the qemu process itself could. This lets us run the qemu process with fewer permissions, which is safer for the host.

Technical details

Socket activation for systemd is done by ensuring that some extra file descriptors are open when the process is executed. The fact that extra file descriptors are available is indicated in the supervised process's environment, as described by sd_listen_fds and the systemd File Descriptor Store documentation. Each provided file descriptor can be labeled with a name (via the FileDescriptorName= directive in systemd.socket) so that the process can tell them apart.

Additional information

To make this work, qemu would need to know how to look for an already-open file descriptor that has been passed in this way. Several of the sockets that qemu already listens on could additionally use this kind of activation, whether as an enhancement to the spice server configuration (-spice), network devices, monitors, or perhaps a new -chardev backend mechanism.

See systemd.socket for more explanation of the kinds of file descriptor that systemd can open on its own and pass to a running process: TCP, UDP, FIFO, Netdev, Unix-domain sockets, etc. are all possible.