On Tue, Nov 01, 2011 at 05:27:24PM -0400, Ben Clay wrote:
Is there a way to automatically set the permissions of cgroups
directories
created by libvirt when a VM is launched?
Although it looks like I can set permissions on top-level /cgroup
directories via cgconfig.conf, the cgconfig.conf manpage says "Permissions
are related only to enclosing control group and are not inherited by
subgroups.". From this, I believe that when libvirt creates VMs, the new
directories under /cgroup/*/libvirt/qemu/<vm name>/ will not receive the
cgconfig.conf permissions.
Where in the libvirt config can I set this? We need users other than root
to write to specific subsystems.
We don't support setting alternate permissions, because the intention is
that all access is via libvirt APIs, which allow unprivileged users as
defined by the libvirt access control policy.
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|