Re: per user vm isolation with shared network

>> thanks, seems like I'm past this part, the vm start fails because of insufficient permissions to detach/reattach the pci nodes, I assumed that there is no fast solution so >> I fixed it with a script that uses doas to preform the detach/reattach. > > No sysadmin wants to allow regular users to bind PCI devices to "random" > drivers, surely. PCI devices must be "detached" (i.e. bound to vfio > driver) by sysadmin (e.g. virsh -c qemu:///system nodedev-detach ...) > BEFORE qemu:///session domain wants to use the device. so I should call virsh -c qemu:///system nodedev-detach from within the libvirt hook? wont that might cause a hangup? I did got that in some scenarios.