Is there a way to automatically set the permissions of cgroups directories created by libvirt when a VM is launched?
Although it looks like I can set permissions on top-level /cgroup directories via cgconfig.conf, the cgconfig.conf manpage says “Permissions are related only to enclosing control group and are not inherited by subgroups.”. From this, I believe that when libvirt creates VMs, the new directories under /cgroup/*/libvirt/qemu/<vm name>/ will not receive the cgconfig.conf permissions.
Where in the libvirt config can I set this? We need users other than root to write to specific subsystems.
I can ask on the libcg mailing list as well, but I thought I’d try here first since libvirt is dynamically creating / destroying these groups.
Thanks.
Ben Clay