Re: [libvirt] [PATCH] m4: Change default QEMU credentials to qemu:qemu

On Tue, Mar 26, 2019 at 12:49:28PM +0100, Andrea Bolognani wrote: > Our current defaults are root:wheel on FreeBSD and macOS, root:root > everywhere else. > > Looking at what downstream distributions actually do, we can see that > these defaults are overriden the vast majority of the time, with a > number of variations showing up in the wild: > > * qemu:qemu -> Used by CentOS, Fedora, Gentoo, OpenSUSE, RHEL > and... As it turns out, our very own spec file :) > > * libvirt-qemu:libvirt-qemu -> Used by Debian. > > * libvirt-qemu:kvm -> Used by Ubuntu. > > * nobody:nobody -> Used by Arch Linux. > > Based on the above, we can conclude that qemu:qemu are the preferred > credentials to be used when spawning a QEMU process, while our > current defaults get very little love. > > Changing our defaults aligns with what most downstreams are actually > doing, promotes running QEMU under a non-root user - which is a very > good idea anyway - and shields random people building libvirt from > source from unwittingly running their guests as root. While I understand the motivation, this impl is problematic because it will guarantee that someone building & installing libvirt from source on Debian, Ubuntu and Arch will have a non-functional QEMU driver as it will try to use a "qemu:qemu" user/group which does not exist on those distros. If we want to change this, we must ensure that we honour the distro specific user/group names you show above, and fallback to root/root for distros we don't know about.