Re: [libvirt] A difference between libvirt and execution in bash shell
On Tue, 2016-04-26 at 09:36 +0800, zhukaijie wrote:
Once I type my qemu command line in bash shell and execute it.
Then I use ps -aux to list the qemu process, results
indicates the user of the qemu vm is "root" (Of course I logged
with root). However, if I use libvirt to start a qemu
vm, the user of qemu become "qemu". Could you tell me something
about the user "qemu"? Also, how does this difference
happen? Thank you.
libvirt will launch qemu processes as a different user for
security reasons: while the libvirtd process needs to be
running as root in order to perform system setup tasks, the
guest processes themselves don't need to, and the overall
system security / stability benefits from them running as
a different user.
You can override the user (I believe "qemu" to be the
default) by changing the "user" and "group" settings in
your /etc/libvirt/qemu.conf.
On a side note, this mailing list is about the development of
libvirt itself; please send inquiries about libvirt usage to
the libvirt-users(a)redhat.com mailing list instead.
--
Andrea Bolognani
Software Engineer - Virtualization Team