
Re: [Xen-devel] [PATCH v6] run QEMU as non-root



On 07/09/2015 04:34 AM, Ian Campbell wrote:
> On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
>> Perhaps.  But thanks for providing a way (b_info->device_model_user) for apps to
>> override the libxl policy.
>
> You mentioned in v5 that libvirt supports setting both the user and the
> group and that the qemu driver supports that. How does that work?
>
> AFAICT qemu's -runas option only takes a user and it takes that user's
> primary group and uses that with no configurability. I think that's a
> fine way to do things, but you implied greater configurability in
> libvirt and I'm now curious...

The libvirt qemu driver doesn't use qemu's -runas option. It calls setregid()/setreuid() in the child after fork()'ing, but before exec()'ing, qemu.

Regards,
Jim
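
The fork / drop / exec sequence described in the reply above, as an added example that is not libvirt's or libxl's code: the child changes group before user, fails closed if either call is refused, and only then exec()s. The names `drop_ids` and `run_as` are hypothetical, and resetting supplementary groups with setgroups() is an assumption the post does not mention.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: switch the calling process to uid/gid for good. */
static int drop_ids(uid_t uid, gid_t gid)
{
    /* Assumption beyond the post: a root parent also resets the inherited
     * supplementary groups, otherwise the child keeps e.g. root's groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: an unprivileged process cannot move to a new gid. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return -1;
    /* On Linux real, effective and saved uid now match; root must be gone. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical launcher: fork, drop ids in the child, then exec argv[0].
 * Returns the child's exit status, 126 if the drop failed, 127 if exec did. */
int run_as(uid_t uid, gid_t gid, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_ids(uid, gid) != 0)
            _exit(126);          /* fail closed: never exec with the parent's ids */
        execv(argv[0], argv);
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: run `id` under the caller's own ids (works unprivileged). */
    char *const argv[] = { "/bin/sh", "-c", "id", NULL };
    return run_as(getuid(), getgid(), argv);
}
```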




 

