[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] run QEMU as non-root

Stefano Stabellini wrote:
> Try to use "xen-qemudepriv-$domname" first, then "xen-qemudepriv-base" +
> domid, finally "xen-qemudepriv-shared" and root if everything else fails.
> The uids need to be manually created by the user or, more likely, by the
> xen package maintainer.

FYI, the libvirt qemu driver supports specifying a global uid:gid for
qemu processes in /etc/libvirt/qemu.conf.  The uid:gid can also be tuned
per-domain with something like

  <seclabel type='static' model='dac' relabel='yes'>

The model is a bit different in Xen where only the associated qemu (not
the entire domain) would be running as uid:gid, so I'm not sure if this
is something you want to expose through libxl.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.