On 07/09/2015 04:34 AM, Ian Campbell wrote:
On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
Perhaps. But thanks for providing a way (b_info->device_model_user) for apps to
override the libxl policy.
You mentioned in v5 that libvirt supports setting both the user and the
group and that the qemu driver supports that. How does that work?
AFAICT qemu's -runas option only takes a user and it takes that user's
primary group and uses that with no configurability. I think that's a
fine way to do things, but you implied greater configurability in
libvirt and I'm now curious...
The libvirt qemu driver doesn't use qemu's -runas option. It calls
setregid()/setreuid() in the child after fork()'ing, but before exec()'ing, qemu.
Regards,
Jim
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
