[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] run QEMU as non-root

On Fri, 15 May 2015, Jim Fehlig wrote:
> Stefano Stabellini wrote:
> > Try to use "xen-qemudepriv-$domname" first, then "xen-qemudepriv-base" +
> > domid, finally "xen-qemudepriv-shared" and root if everything else fails.
> >
> > The uids need to be manually created by the user or, more likely, by the
> > xen package maintainer.
> >   
> 
> FYI, the libvirt qemu driver supports specifying a global uid:gid for
> qemu processes in /etc/libvirt/qemu.conf.  The uid:gid can also be tuned
> per-domain with something like
> 
>   <seclabel type='static' model='dac' relabel='yes'>
>     <label>uid:gid</label>
>   </seclabel>
> 
> The model is a bit different in Xen where only the associated qemu (not
> the entire domain) would be running as uid:gid, so I'm not sure if this
> is something you want to expose through libxl.

I think it might be a possibility. We could easily add options to set a
uid and gid per domain to be used for QEMU.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.