[libvirt] Problem configuring selective dropping of root

Stephan von Krawczynski skraw.ml at ithnet.com
Tue Jul 9 22:01:18 UTC 2019


On Tue, 9 Jul 2019 14:26:08 +0200
Pavel Hrdina <phrdina at redhat.com> wrote:

> [...]
> 
> In addition if you would like to have only one VM as root:root you
> should keep the default config as nobody:kvm and use the root:root for
> that specific VM.
> 
> Pavel

Let me answer this part in another post.
Generally I agree with you. But there is one question: if I configure libvirt
to use nobody:kvm as user, how is it possible to start a qemu with root
privileges? I thought it not to be possible that it runs a root process while
its config says it should be nobody ...?

I thought it can only _drop_ privileges from root to nobody, because its
primary user is root.
Or is it in fact always running as root, and only "fake-dropping" to the
configured user (maybe a spawned child), while still being able to spawn other
root processes?

-- 
Regards,
Stephan



