Anthony, On 8/1/07, Anthony Liguori <[EMAIL PROTECTED]> wrote:
> Why are you using a setuid wrapper instead of just changing ownership of > /dev/kvm? Ownership of /dev/kvm is adjusted to be of group "kvm" (for example) and all users allowed to use it are in the same group. It is also necessary to create a tap device (and through unique naming of it users are prevented from running multiple instances of VMs thus preventing memory overconsumption). Also it is necessary to connect tap to bridge. If FS (CAP_NETADMIN) capabilities were available in Linux by default then qemu process might be made capable of that (and anyway, when dropping to user privileges, capabilities are masked away). But they are only in special -mm patches, not in the mainstream kernel. So these tap/bridge operations require root privileges. > The power-off thing is a bug. I was also thinking that it may be > possible to detect when most guests have halted. Power-off works for me though. Thanks. -- Dimitry Golubovsky Anywhere on the Web ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ kvm-devel mailing list kvm-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/kvm-devel
