
Re: [Xen-devel] [PATCH v2] run QEMU as non-root

On Fri, 15 May 2015, Jim Fehlig wrote:
> Stefano Stabellini wrote:
> > Try to use "xen-qemudepriv-$domname" first, then "xen-qemudepriv-base" +
> > domid, finally "xen-qemudepriv-shared" and root if everything else fails.
> >
> > The uids need to be manually created by the user or, more likely, by the
> > xen package maintainer.
> >   
> FYI, the libvirt qemu driver supports specifying a global uid:gid for
> qemu processes in /etc/libvirt/qemu.conf.  The uid:gid can also be tuned
> per-domain with something like
>   <seclabel type='static' model='dac' relabel='yes'>
>     <label>uid:gid</label>
>   </seclabel>
> The model is a bit different in Xen where only the associated qemu (not
> the entire domain) would be running as uid:gid, so I'm not sure if this
> is something you want to expose through libxl.

I think it might be a possibility. We could easily add options to set a
uid and gid per domain to be used for QEMU.
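
The fallback order quoted above, as an added example that is not part of the original message or of the patch. It assumes '"xen-qemudepriv-base" + domid' means the base account's uid plus the domid; pick_qemu_user, the lookup callback and the account tables are hypothetical names and constructed data (on a real host the callback would wrap getpwnam()).

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Lookup callback: return 0 and set *uid if the account exists, else -1.
 * Injected so the example runs on a host without these accounts. */
typedef int (*lookup_fn)(const char *name, uid_t *uid);

struct qemu_ident { uid_t uid; const char *rule; };

/* Hypothetical helper: apply the fallback order from the patch description. */
struct qemu_ident pick_qemu_user(const char *domname, unsigned domid, lookup_fn lookup)
{
    struct qemu_ident id = { 0, "root" };             /* last resort: root */
    char name[128];
    uid_t uid;
    int n = snprintf(name, sizeof(name), "xen-qemudepriv-%s", domname);

    if (n > 0 && (size_t)n < sizeof(name) && lookup(name, &uid) == 0) {
        id.uid = uid; id.rule = "domname";            /* 1. per-domain account */
    } else if (lookup("xen-qemudepriv-base", &uid) == 0 &&
               (uid_t)(uid + domid) >= uid) {         /* reject uid wrap-around */
        id.uid = uid + domid; id.rule = "base+domid"; /* 2. assumed: base uid + domid */
    } else if (lookup("xen-qemudepriv-shared", &uid) == 0) {
        id.uid = uid; id.rule = "shared";             /* 3. one uid for all domains */
    }
    return id;
}

/* Constructed account tables for the demonstration (not real system data). */
int lookup_all(const char *name, uid_t *uid)
{
    if (!strcmp(name, "xen-qemudepriv-web1"))   { *uid = 2001;  return 0; }
    if (!strcmp(name, "xen-qemudepriv-base"))   { *uid = 65000; return 0; }
    if (!strcmp(name, "xen-qemudepriv-shared")) { *uid = 64999; return 0; }
    return -1;
}
int lookup_shared_only(const char *name, uid_t *uid)
{
    if (!strcmp(name, "xen-qemudepriv-shared")) { *uid = 64999; return 0; }
    return -1;
}
int lookup_none(const char *name, uid_t *uid) { (void)name; (void)uid; return -1; }

int main(void)
{
    struct qemu_ident id = pick_qemu_user("db", 7, lookup_all);
    printf("uid=%lu via %s\n", (unsigned long)id.uid, id.rule);
    return 0;
}
```

The rule field records which step matched, so a caller can log when a domain ended up on the shared uid or on root instead of an isolated account.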
