OK, thank you. I understand now.
On Mon, Aug 7, 2023, at 14:48, Martin Kletzander wrote:
On Mon, Aug 07, 2023 at 01:06:55PM +0200, Sebastien WILLEMIJNS wrote:
>Hello,
>
>Why do LIBVIRT software/libs need to chown "near the root level" (home/blahblah/) when raw/vdi/vhd can contain lots of directories as /home/user/Virtual_HDs/desktop/daddy/private/bedroom/number2/hd.vdi ?
>
>on ubuntu, "/media/hostname" can contain all our external HDs without relation with virtualization !!! :-(
>
>another sample picked up in the net:
>WARNING /home/jwright/virtualMachines/images/fedora25.qcow2 may not be accessible by the hypervisor. You will need to grant the 'qemu' user search permissions for the following directories: ['/home/jwright']

When you want to run a VM under a non-root user (running it as root is not
the right way to go) you want the emulator to have access to the disk.
But if /home/jwright is owned by a different user and group than the user
under which the emulator runs (i.e. qemu), and it has no search
permission for others (the last "x" in "rwx-----x" for example is
enough) then there is no way it can access that disk because it cannot
go "through" /home/jwright. The "search" permission does not allow
"reading", i.e. the qemu user would still not be able to read the
directory and list the files under it, but it could access a file under
said directory if it knows the full path and has permissions for that
file (and "search" permission for all the subdirectories that it lies
inside).
HTH,
Martin
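
The path walk described in the reply above, as an added example that is not part of the original thread: it reports which ancestor directories of a disk image lack the search (x) bit for a given user, and shows that granting search does not grant listing. Assumptions: plain POSIX mode bits only (no ACLs, no root bypass), a constructed temporary tree, and a hypothetical uid/gid standing in for the `qemu` user.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) applying to uid/gids; plain mode bits only (no ACLs, no uid 0)."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def blocked_dirs(path, uid, gids):
    """Ancestor directories of path that uid cannot search (missing x), root first."""
    blocked = []
    current = os.path.dirname(os.path.abspath(path))
    while True:
        if not class_bits(os.stat(current), uid, gids) & 1:
            blocked.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current = parent
    return blocked[::-1]

def can_list(directory, uid, gids):
    """Listing a directory needs the r bit, which search (x) does not imply."""
    return bool(class_bits(os.stat(directory), uid, gids) & 4)

def build_demo_tree(home_mode):
    """Constructed sample tree: <tmp>/jwright/images/fedora25.qcow2."""
    home = os.path.join(tempfile.mkdtemp(), "jwright")
    images = os.path.join(home, "images")
    os.makedirs(images)
    disk = os.path.join(images, "fedora25.qcow2")
    open(disk, "w").close()
    os.chmod(images, 0o755)
    os.chmod(home, home_mode)
    return home, disk

if __name__ == "__main__":
    for mode in (0o700, 0o701):
        home, disk = build_demo_tree(mode)
        st = os.stat(home)
        uid, gids = st.st_uid + 1, {st.st_gid + 1}  # hypothetical stand-in for "qemu"
        print(oct(mode), "blocked:", home in blocked_dirs(disk, uid, gids),
              "listable:", can_list(home, uid, gids))
```

With mode 0701 on the home directory the hypothetical user can pass through it to a known path but still cannot enumerate its contents.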