On 7/2/24 16:19, daggs wrote:
thanks, seems like I'm past this part, the vm start fails because of insufficient permissions to detach/reattach the pci nodes, I assumed that there is no fast solution so I fixed it with a script that uses doas to preform the detach/reattach.
No sysadmin wants to allow regular users to bind PCI devices to "random" drivers, surely. PCI devices must be "detached" (i.e. bound to vfio driver) by sysadmin (e.g. virsh -c qemu:///system nodedev-detach ...) BEFORE qemu:///session domain wants to use the device. so I should call virsh -c qemu:///system nodedev-detach from within the libvirt hook? wont that might cause a hangup? I did got that in some scenarios.
No, calling libvirt from hooks is strongly discouraged as deadlocks are likely to occur. Just detach PCI devices before starting any qemu:///session domain. Either right at startup (write an init service), do that manually, doesn't matter really. Michal