On Mon, Nov 12, 2018 at 01:30 PM +0100, Pavel Hrdina <phrdina(a)redhat.com> wrote:
On Mon, Nov 12, 2018 at 12:50:41PM +0100, Marc Hartmayer wrote:
> On Thu, Nov 01, 2018 at 09:31 AM +0100, Martin Kletzander <mkletzan(a)redhat.com> wrote:
[...]
> How can you run a machine/QEMU VM under a different user:group other
> than changing the user:group in qemu.conf and restart/reload libvirtd?
>
> As soon as a VM is running we do not have to verify /dev/kvm access, no?
> (so there should be no problem when libvirtd tries to “reconnect” to
> already running VMs).
You can add this into your domain XML:
    <seclabel type='static' model='dac' relabel='yes'>
      <label>phrdina:phrdina</label>
    </seclabel>
And it will run the qemu process under that user.
Interesting :) Actually, if we consider this then the QEMU caps caching
is broken anyway since 'virQEMUCapsNewData' is calling
'virQEMUCapsNewForBinaryInternal(…, priv->runUid, priv->runGid, …)'.
And 'priv->runUid/runGid' is only set once in virQEMUCapsCacheNew.
Maybe I missed something.
Pavel
--
Kind regards / Beste Grüße
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
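
Added example, not part of the original thread and not libvirt code: a small audit that lists domains whose static DAC seclabel makes QEMU run under a different user:group than the driver-wide setting in qemu.conf, which is the case the thread says the capabilities cache does not account for. The qemu.conf text, the domain names and the numeric label are constructed samples; all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs; only the phrdina:phrdina label comes from the thread.
QEMU_CONF = '# constructed qemu.conf\nuser = "qemu"\ngroup = "qemu"\n'

SECLABEL = ("<seclabel type='static' model='dac' relabel='yes'>"
            "<label>%s</label></seclabel>")
DOMAINS = {
    "vm-default": "<domain type='kvm'><name>vm-default</name></domain>",
    "vm-static": "<domain type='kvm'><name>vm-static</name>"
                 + SECLABEL % "phrdina:phrdina" + "</domain>",
    "vm-numeric": "<domain type='kvm'><name>vm-numeric</name>"
                  + SECLABEL % "+1000:+1000" + "</domain>",
}

def driver_identity(conf_text):
    """Return (user, group) set in qemu.conf text; None for a key that is unset."""
    found = dict(re.findall(r'^\s*(user|group)\s*=\s*"([^"]*)"', conf_text, re.M))
    return found.get("user"), found.get("group")

def static_dac_label(domain_xml):
    """Return (user, group) of a static DAC seclabel, or None if there is none."""
    root = ET.fromstring(domain_xml)
    for sec in root.findall("seclabel"):
        if sec.get("model") == "dac" and sec.get("type") == "static":
            label = (sec.findtext("label") or "").strip()
            user, _, group = label.partition(":")
            return user, group
    return None

def domains_overriding_identity(conf_text, domains):
    """List (name, label) for domains whose DAC label differs from qemu.conf.

    Comparison is textual: a name and a '+'-prefixed numeric id that map to
    the same account are reported as different and need a manual look.
    """
    default = driver_identity(conf_text)
    report = []
    for name, xml in sorted(domains.items()):
        label = static_dac_label(xml)
        if label is not None and label != default:
            report.append((name, "%s:%s" % label))
    return report

if __name__ == "__main__":
    for name, label in domains_overriding_identity(QEMU_CONF, DOMAINS):
        print(f"{name}: QEMU runs as {label}, not the qemu.conf user:group")
```
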