On Tue, Nov 01, 2011 at 05:27:24PM -0400, Ben Clay wrote:

Is there a way to automatically set the permissions of cgroups directories created by libvirt when a VM is launched?

Although it looks like I can set permissions on top-level /cgroup directories via cgconfig.conf, the cgconfig.conf manpage says "Permissions are related only to enclosing control group and are not inherited by subgroups.". From this, I believe that when libvirt creates VMs, the new directories under /cgroup/*/libvirt/qemu/<vm name>/ will not receive the cgconfig.conf permissions.

Where in the libvirt config can I set this? We need users other than root to write to specific subsystems.

We don't support setting alternate permissions, because the intention is that all access is via libvirt APIs, which allow unprivileged users as defined by the libvirt access control policy. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|