[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] I have no idea why the current version of libvirt works for anyone in enforcing mode.



Libvirt is executing qemu requiring it to execute pulseaudio which would require the folowing permissions,

#============= svirt_t ==============
allow svirt_t admin_home_t:dir setattr;
allow svirt_t admin_home_t:file { read write };
allow svirt_t pulseaudio_port_t:tcp_socket name_connect;
allow svirt_t svirt_tmpfs_t:file read;
allow svirt_t user_tmpfs_t:file read;

Since qemu(svirt_t) is not allowed these permissions, pulseaudio crashes and qemu dies.

I believe you need to run without sound if you are running as root.

diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 03f710f..e0ab039 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -1334,8 +1334,13 @@ int qemudBuildCommandLine(virConnectPtr conn,
             ADD_ARG_LIT("-full-screen");
     }
 
-    /* Add sound hardware */
-    if (vm->def->nsounds) {
+    /* Add sound hardware iff you are not running as root */
+    /* Configuring sound devices in QEMU when doing remote provisioning is
+       pretty useless really. We need to tunnelling of audio stream from
+       the QEMU instance to the client machine, over VNC / SPICE, or a
+       parallel network audio transport. */
+
+    if (getuid() && vm->def->nsounds) {
         int size = 100;
         char *modstr;
         if (VIR_ALLOC_N(modstr, size+1) < 0)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]