On Mon, Feb 23, 2009 at 05:46:36PM -0500, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel P. Berrange wrote:
> On Tue, Feb 17, 2009 at 04:52:08PM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Looks like qemu launched from libvirt wants to create pulseaudito files
>> under /root/.pulse directory.
>
> Hmm, that sounds bad - it should not do this.
>
>> Seems strange, and we might want to consider changing the homedir for
>> each qemu launched by libvirt.
>>
>> /var/run/libvirt/qemu/DOMAIN
>>
>> for example.
>>
>> It seems qemu has to be able to write here or it blows up.
>
> What version of QEMU is this with - I think that needs to be fixed in
> QEMU
>
>> Will add selinux policy for now.
>
> I'd prefer not - AFAIK, QEMU should not be doing this - if PulseAudio
> is desired when running as root, then the admin should start it ahead
> of time, not have QEMU auto-spawn it. PA should only auto-spawn itself
> if running non-root in the desktop session IMHO.
>
> Daniel
For some reason it is also trying to create /root/.kde directory and
then link a socket to /tmp/ksocket-root.
Everything seems to be caused by sound.
I hacked out a libvirt that does not add the -esound qualifier to qemu
and every thing works correctly in svirt with SELinux in enforcing mode.
Not really sure what the proper way to handle this? Should libvirt be
execing qemu with the sound device if it is running as root? Will this
work with the sound devices? What happens if libvirt is remote?
Configuring sound devices in QEMU when doing remote provisioning is
pretty useless really. We need to tunnelling of audio stream from
the QEMU instance to the client machine, over VNC / SPICE, or a
parallel network audio transport.
I'm inclined to say we should set the SDL env variable to disable sound
for instances run as root, and only use sound when launching the per-user
unprivileged instances which are able to properly integrate with the
sound daemon provided by the desktop session (ESD / PulseAudio / KDE)
Daniel
--
|: Red Hat, Engineering, London -o-
http://people.redhat.com/berrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org -o-
http://ovirt.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|