From: Peter Krempa <pkre...@redhat.com> Add a note that the user/group can be overriden or relabelling disabled using per-vm/disk <seclabel> elements instead of disabling it globally.
Add a note that read-only image labels are not restored. Closes: https://gitlab.com/libvirt/libvirt/-/issues/512 Signed-off-by: Peter Krempa <pkre...@redhat.com> --- src/qemu/qemu.conf.in | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index 042bb75b50..221bfa8095 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -513,7 +513,17 @@ # Whether libvirt should dynamically change file ownership # to match the configured user/group above. Defaults to 1. -# Set to 0 to disable file ownership changes. +# +# Notes: +# - Per domain or per disk image user and group can be configured, or +# relabelling disabled using the <seclabel model='dac'> elements in XML: +# +# https://www.libvirt.org/formatdomain.html#security-label +# +# - The user/group of read-only images is not restored as with read-write +# images as they may be shared among more domains. +# +# Set to 0 to disable file ownership changes globally in the qemu driver. #dynamic_ownership = 1 # Whether libvirt should remember and restore the original -- 2.49.0
