Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-07 Thread Ian Campbell
On Tue, 2015-10-06 at 09:29 -0600, Jim Fehlig wrote: > Currently, there is no libivrt code to using this. But surely users would like > to specify the qemu user in their xl config right? Surely. Stefano can you take care of this in a followup please. NB I went to apply this patch for now but the

Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-06 Thread Jim Fehlig
Ian Campbell wrote: > On Tue, 2015-10-06 at 14:13 +0100, Stefano Stabellini wrote: >> On Mon, 5 Oct 2015, Ian Campbell wrote: >>> On Mon, 2015-10-05 at 16:53 +0100, Stefano Stabellini wrote: > Wasn't there some code to plumb this into xl at one point? Did that > get > dropped along the

Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-06 Thread Ian Campbell
On Tue, 2015-10-06 at 14:13 +0100, Stefano Stabellini wrote: > On Mon, 5 Oct 2015, Ian Campbell wrote: > > On Mon, 2015-10-05 at 16:53 +0100, Stefano Stabellini wrote: > > > > Wasn't there some code to plumb this into xl at one point? Did that > > > > get > > > > dropped along the way? > > > > > >

Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-06 Thread Stefano Stabellini
On Mon, 5 Oct 2015, Ian Campbell wrote: > On Mon, 2015-10-05 at 16:53 +0100, Stefano Stabellini wrote: > > > Wasn't there some code to plumb this into xl at one point? Did that get > > > dropped along the way? > > > > device_model_user is added to the idl by this patch, I think that is > > enough,

Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-05 Thread Ian Campbell
On Mon, 2015-10-05 at 16:53 +0100, Stefano Stabellini wrote: > > Wasn't there some code to plumb this into xl at one point? Did that get > > dropped along the way? > > device_model_user is added to the idl by this patch, I think that is > enough, right? Depends what you mean by "enough", it adds

Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-05 Thread Stefano Stabellini
On Fri, 2 Oct 2015, Ian Campbell wrote: > On Wed, 2015-09-30 at 16:45 +0100, Stefano Stabellini wrote: > > > QEMU is going to setuid and setgid to the user ID and the group ID of > > the specified user, soon after initialization, before starting to deal > > with any guest IO. > > Can you confirm

Re: [Xen-devel] [PATCH v8] run QEMU as non-root

2015-10-02 Thread Ian Campbell
On Wed, 2015-09-30 at 16:45 +0100, Stefano Stabellini wrote: > QEMU is going to setuid and setgid to the user ID and the group ID of > the specified user, soon after initialization, before starting to deal > with any guest IO. Can you confirm that QEMU will bail if the user given via -runas doesn

[Xen-devel] [PATCH v8] run QEMU as non-root

2015-09-30 Thread Stefano Stabellini
Try to use "xen-qemudepriv-domid$domid" first, then "xen-qemudepriv-shared" and root if everything else fails. The uids need to be manually created by the user or, more likely, by the xen package maintainer. Expose a device_model_user setting in libxl_domain_build_info, so that opinionated caller