[libvirt] [PATCH v2] qemu: Introduce caching whether /dev/kvm is accessible
Marc Hartmayer
mhartmay at linux.ibm.com
Mon Nov 12 13:48:09 UTC 2018
On Mon, Nov 12, 2018 at 01:30 PM +0100, Pavel Hrdina <phrdina at redhat.com> wrote:
> On Mon, Nov 12, 2018 at 12:50:41PM +0100, Marc Hartmayer wrote:
>> On Thu, Nov 01, 2018 at 09:31 AM +0100, Martin Kletzander <mkletzan at redhat.com> wrote:
>
> [...]
>
>> How can you run a machine/QEMU VM under a different user:group other
>> than changing the user:group in qemu.conf and restart/reload libvirtd?
>>
>> As soon as a VM is running we have not to verify /dev/kvm access, no?
>> (so there should be no problem when libvirtd tries to “reconnect” to
>> already running VMs).
>
> You can add this into your domain XML:
>
> <seclabel type='static' model='dac' relabel='yes'>
> <label>phrdina:phrdina</label>
> </seclabel>
>
> And it will run the qemu process under that user.
Interesting :) Actually, if we consider this then the QEMU caps caching
is broken anyway since 'virQEMUCapsNewData' is calling
'virQEMUCapsNewForBinaryInternal(…, priv->runUid, priv->runGid, …)'.
And 'priv->runUid/runGid' is only set once in virQEMUCapsCacheNew.
Maybe I missed something.
>
> Pavel
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
--
Kind regards / Beste Grüße
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
More information about the libvir-list
mailing list