On Tue, 9 Jul 2019 14:26:08 +0200
Pavel Hrdina <phrdina(a)redhat.com> wrote:
[...]
> In addition, if you would like to have only one VM as root:root you
> should keep the default config as nobody:kvm and use the root:root for
> that specific VM.
> Pavel
Let me answer this part in another post.
Generally I agree with you. But there is one question: if I configure libvirt
to use nobody:kvm as user, how is it possible to start a qemu with root
privileges? I thought it was not possible for it to run a root process while
its config says it should be nobody ...?
I thought it can only _drop_ privileges from root to nobody, because its
primary user is root.
Or is it in fact always running as root, and only "fake-dropping" to the
configured user (maybe a spawned child), while still being able to spawn other
root processes?
--
Regards,
Stephan