Overriding qemu.conf libvirt-qemu user per-domain - Users - Libvirt List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Overriding qemu.conf libvirt-qemu user per-domain

Features from Capabilities

List of valid arch's for...

Pascal Proulx

Friday, 20 December 2024 Fri, 20 Dec '24

12:48 a.m.

Hello, How can I override the libvirt-qemu user defined in /etc/libvirt/qemu.conf using a per-domain (virtual machine) override using the domain XML definitions? I can find qemu arg overrides but not this and I may have missed it. Thank you

Reply

Show replies by date

Jiri Denemark

Friday, 20 December Fri, 20 Dec

5:17 a.m.

On Fri, Dec 20, 2024 at 01:48:48 -0500, Pascal Proulx via Users wrote:

Hello, How can I override the libvirt-qemu user defined in /etc/libvirt/qemu.conf using a per-domain (virtual machine) override using the domain XML definitions? I can find qemu arg overrides but not this and I may have missed it.

I believe the following XML should do it <seclabel type='static' model='dac' relabel='yes'> <label>user:group</label> <imagelabel>user:group</imagelabel> </seclabel> The <imagelabel> element may not be needed depending on who owns the images and what mode they have. Jirka

Reply

Pascal Proulx

11:07 a.m.

Thank you very much!! On the most basic test (only), appears to work, although afterward it strips out the imagelabel element: I originally did: <domain type='kvm'>  <seclabel type='static' model='dac' relabel='yes'> <label>horse-libvirt-qemu:libvirt-qemu</label> <imagelabel>horse-libvirt-qemu:libvirt-qemu</imagelabel> </seclabel> </domain> virsh define /etc/libvirt/qemu/xxx.xml virsh start xxxx It effectively worked: ps aux: horse-libvirt-qemu 6522 /usr/bin/qemu-system-x86_64 -name guest=[...] -rw------- 1 horse-libvirt-qemu libvirt-qemu 21478375424 Dec 20 11:40 xxxxx.qcow2 Then the domain definition was rewritten by libvirt (probably unproblematically) to: <domain type='kvm'>  <seclabel type='static' model='dac' relabel='yes'> <label>horse-libvirt-qemu:libvirt-qemu</label> </seclabel> </domain> I'll be trying, but are there any features or virtual machine devices known not covered by this method? (I had consulted the C source to figure out where virCHDriverConfig::user might be overridden, and so wonder at what code location this relabel is being applied, but conversely this looks more powerful) On 12/20/24 06:17, Jiri Denemark wrote:

On Fri, Dec 20, 2024 at 01:48:48 -0500, Pascal Proulx via Users wrote: > Hello, > > How can I override the libvirt-qemu user defined in > /etc/libvirt/qemu.conf using a per-domain (virtual machine) override > using the domain XML definitions? I can find qemu arg overrides but not > this and I may have missed it. I believe the following XML should do it <seclabel type='static' model='dac' relabel='yes'> <label>user:group</label> <imagelabel>user:group</imagelabel> </seclabel> The <imagelabel> element may not be needed depending on who owns the images and what mode they have. Jirka

Reply

2

days inactive

2

days old

users@lists.libvirt.org

Manage subscription

2 comments

2 participants

tags (0)

participants (2)

Jiri Denemark
Pascal Proulx