[libvirt-users] Permission issue with cgroups

Eric Blake eblake at redhat.com
Fri May 11 20:50:01 UTC 2012 

On 05/11/2012 02:42 PM, Antonio Carlos Salzvedel Furtado Junior wrote:
> Hello libvirt users,
> 
> 
> I'm using the cgroup with QEMU guests. At /etc/libvirt/qemu.conf, I have
> the following parameter:
> 
> cgroup_controllers = [ "cpu" ]

Libvirt would like to use a lot more cgroup controllers than just the
cpu controller.  If you leave the line in qemu.conf commented out,
libvirt will use all possible cgroup controllers, rather than limiting
you to just one.

> 
> This controller is successfully mounted and  libvirt is able to create
> subgroups for each VM, it's really great the cgroups support in libvirt.
> The problem is that I can only set the parameters of a given cgroup under
> the cpu controller if I'm logged in as root. I want another user to have
> that permission as well.

Unfortunately, that is not possible.  Libvirt MUST manage its own
cgroups; you cannot go behind libvirt's back to change the cgroup
settings, or you will confuse libvirt.

What you should really be doing is figuring out what particular reason
you have for modifying the cgroups, and then determining which libvirt
API will let you modify the domain XML in such a way as to get that
cgroup attribute automatically changed.  Since non-root users can
connect to libvirtd to use libvirt's API in order to affect the cgroup
settings, then you do not need anyone other than libvirtd to access the
particular cgroups created for VMs managed by libvirt.


> This configuration above does not seem to modify any of the administration
> permissions. Only the root can edit the parameters under libvirt.
> The cpu entry was added just to check whether this configuration was read
> by cgroups at all. The 'cpu.shares' does change in group libvirt.

In particular, changes to cpu.shares are done via the libvirt API
virDomainSetSchedulerParameters, using the parameter name "cpu_shares";
and are reflected into the domain XML under the XPath notation of
/domain/cputune/shares.
http://libvirt.org/formatdomain.html#elementsCPUTuning

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120511/6477ca05/attachment.sig>

More information about the libvirt-users mailing list