On 6/6/25 10:05, Peter Krempa via Devel wrote: > From: Peter Krempa <pkre...@redhat.com> > > Add a note that the user/group can be overriden or relabelling disabled > using per-vm/disk <seclabel> elements instead of disabling it globally. > > Add a note that read-only image labels are not restored. > > Closes: https://gitlab.com/libvirt/libvirt/-/issues/512
What a nice round number! > Signed-off-by: Peter Krempa <pkre...@redhat.com> > --- > src/qemu/qemu.conf.in | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in > index 042bb75b50..221bfa8095 100644 > --- a/src/qemu/qemu.conf.in > +++ b/src/qemu/qemu.conf.in > @@ -513,7 +513,17 @@ > > # Whether libvirt should dynamically change file ownership > # to match the configured user/group above. Defaults to 1. > -# Set to 0 to disable file ownership changes. > +# > +# Notes: > +# - Per domain or per disk image user and group can be configured, or > +# relabelling disabled using the <seclabel model='dac'> elements in XML: > +# > +# https://www.libvirt.org/formatdomain.html#security-label > +# > +# - The user/group of read-only images is not restored as with read-write > +# images as they may be shared among more domains. > +# > +# Set to 0 to disable file ownership changes globally in the qemu driver. > #dynamic_ownership = 1 > > # Whether libvirt should remember and restore the original Reviewed-by: Michal Privoznik <mpriv...@redhat.com> Michal
