[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] run QEMU as non-root

Stefano Stabellini wrote:
> Try to use "xen-qemudepriv-$domname" first, then "xen-qemudepriv-base" +
> domid, finally "xen-qemudepriv-shared" and root if everything else fails.
>
> The uids need to be manually created by the user or, more likely, by the
> xen package maintainer.
>   

FYI, the libvirt qemu driver supports specifying a global uid:gid for
qemu processes in /etc/libvirt/qemu.conf.  The uid:gid can also be tuned
per-domain with something like

  <seclabel type='static' model='dac' relabel='yes'>
    <label>uid:gid</label>
  </seclabel>

The model is a bit different in Xen where only the associated qemu (not
the entire domain) would be running as uid:gid, so I'm not sure if this
is something you want to expose through libxl.

Regards,
Jim

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.