Re: [libvirt] Playing around with libvirt/virt-manager.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel P. Berrange wrote:
On Mon, Feb 23, 2009 at 05:46:36PM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Daniel P. Berrange wrote:
>> On Tue, Feb 17, 2009 at 04:52:08PM -0500, Daniel J Walsh wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Looks like qemu launched from libvirt wants to create pulseaudito files
>>> under /root/.pulse directory.
>> Hmm, that sounds bad - it should not do this.
>>
>>> Seems strange, and we might want to consider changing the homedir for
>>> each qemu launched by libvirt.
>>>
>>> /var/run/libvirt/qemu/DOMAIN
>>>
>>> for example.
>>>
>>> It seems qemu has to be able to write here or it blows up.
>> What version of QEMU is this with - I think that needs to be fixed in
>> QEMU
>>
>>> Will add selinux policy for now.
>> I'd prefer not - AFAIK, QEMU should not be doing this - if PulseAudio
>> is desired when running as root, then the admin should start it ahead
>> of time, not have QEMU auto-spawn it. PA should only auto-spawn itself
>> if running non-root in the desktop session IMHO.
>>
>> Daniel
>
> For some reason it is also trying to create /root/.kde directory and
> then link a socket to /tmp/ksocket-root.
>
> Everything seems to be caused by sound.
>
> I hacked out a libvirt that does not add the -esound qualifier to qemu
> and every thing works correctly in svirt with SELinux in enforcing mode.
>
> Not really sure what the proper way to handle this? Should libvirt be
> execing qemu with the sound device if it is running as root? Will this
> work with the sound devices? What happens if libvirt is remote?
Configuring sound devices in QEMU when doing remote provisioning is
pretty useless really. We need to tunnelling of audio stream from
the QEMU instance to the client machine, over VNC / SPICE, or a
parallel network audio transport.
I'm inclined to say we should set the SDL env variable to disable sound
for instances run as root, and only use sound when launching the per-user
unprivileged instances which are able to properly integrate with the
sound daemon provided by the desktop session (ESD / PulseAudio / KDE)
Daniel
How about a patch like this for now, took some liberties with your quote?
git diff origin qemu_conf.c
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 6f58ee8..32cdba2 100644
- --- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -1327,8 +1327,13 @@ int qemudBuildCommandLine(virConnectPtr conn,
ADD_ARG_LIT("-full-screen");
}
- - /* Add sound hardware */
- - if (vm->def->nsounds) {
+ /* Add sound hardware iff you are not running as root */
+ /* Configuring sound devices in QEMU when doing remote provisioning is
+ pretty useless really. We need to tunnelling of audio stream from
+ the QEMU instance to the client machine, over VNC / SPICE, or a
+ parallel network audio transport. */
+
+ if (getuid() && vm->def->nsounds) {
int size = 100;
char *modstr;
if (VIR_ALLOC_N(modstr, size+1) < 0)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmkBEYACgkQrlYvE4MpobPD4QCeP/VNSkebMd7b86t+n8fx+T+s
+w8AoJGkLnrd1hLUxFU/6o9zRSv2WQUE
=4CAZ
-----END PGP SIGNATURE-----