[fedora-virt] customizing VMM on a per-user basis to use libguestfs?

Daniel P. Berrange berrange at redhat.com
Tue Apr 21 19:04:49 UTC 2009 

On Tue, Apr 21, 2009 at 02:33:54PM -0400, Cole Robinson wrote:
> On 04/21/2009 02:12 PM, Daniel P. Berrange wrote:
> > On Tue, Apr 21, 2009 at 12:10:31PM -0400, Robert P. J. Day wrote:
> >>   is there a mechanism for customizing VMM settings on a per-user
> >> basis?  i ask since i'd like to test guestfish and libguestfs on a
> >> recently-created VM but, by default, new VM images are created in
> >> /var/lib/libvirt/images, and that directory is not accessible to
> >> non-root users.
> >>
> >>   as a non-root user, if i was about to start working with VMs, i'd
> >> like to be able to invoke "virt-manager" and, *before* creating any
> >> VMs, set some config options, such as where my images are going to go
> >> (ideally, in a personal images directory).  that would make those
> >> images accessible to my account.
> >>
> >>   but if i fire up "virt-manager", i can see "Edit" -> "Preferences"
> >> but that doesn't allow me that kind of per-user configuration.  does
> >> that kind of configuration even exist?  and, with those default
> >> settings and permissions, how *would* one use libguestfs and guestfish
> >> as a regular user?
> >>
> >>   or am i once again missing something critical?
> > 
> > There are two classes of libvirt driver connection
> > 
> >  - Privileged, per-host connections
> >  - Unprivileged, per-user connections
> > 
> > 
> > Xen provides a per-host connection. UserModeLinux and QEMU provide 
> > both (qemu:///system and qemu:///session). VirtualBox just proivides
> > a per-user instance (vbox:///session) and so on.
> > 
> > Now by default in Fedora, when connecting to QEMU, virt-manager will
> > use the privileged per-host connection, so VMs end up in the system
> > directory /var/lib/libvirt/images.
> > 
> > Our goal (perhaps for F12) should be for local desktop virt use
> > cases to use the unprivileged  QEMU connection qemu://session
> > by default, and have VM disk images stored in your home directory
> > 
> 
> How would we allow KVM access? Unix groups or something else?

Two options

 - A UNIX group for /dev/kvm
 - Just make it world writable


In theory now KVM no longer pins all guest RAM into host RAM, it is 
reasonable safe to allow users to access it without any restrictions.
(eg option 2) Will need to confirm with KVM developers if this is 
really so, but that was the intention last time i asked them.


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the Fedora-virt mailing list