On Tue, Mar 22, 2022 at 02:35:54PM +0000, Richard W.M. Jones wrote:
> For fuller explanation see:
> https://bugzilla.redhat.com/show_bug.cgi?id=2066773#c1
>
> I'm not very happy with this patch for a few reasons:
>
> - Does every distro use "qemu" as the user that runs qemu?

Not sure, but you can query this from libvirt

  # virsh capabilities | xmllint -xpath '//secmodel[./model="dac"]/baselabel[@type="kvm"]' -
  <baselabel type="kvm">+107:+107</baselabel>

The base level here is the label that any files must have in order
to be writable by QEMU, using a default process label. In the case
of the 'dac' model this is a UID:GID pair (+ indicates numeric ID,
as opposed to a username with all numbers).

NB, this doesn't apply if you're overriding the default label to
use a distinct UID per VM, but I assume v2v isn't doing that and
controls its own VMs.

> - Having to run an external process (not a big deal, but a bit clumsy)

In theory libacl gives you a programmatic API for this.

> - Aren't ACLs actually deprecated?

Not that I know of.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
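
An added example, not part of the original message and not libvirt or virt-v2v code: it parses the 'dac' baselabel described above out of capabilities XML and resolves it to a numeric UID:GID, treating '+N' as numeric and a bare '107' as an account name. The XML sample is constructed, the function names are hypothetical, and applying the resulting ACL entry with setfacl is an assumption.

```python
import grp
import pwd
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `virsh capabilities` output (not captured
# from a real host); only the <secmodel> elements matter here.
SAMPLE_CAPS = """<capabilities><host>
  <secmodel><model>selinux</model><doi>0</doi>
    <baselabel type="kvm">system_u:system_r:svirt_t:s0</baselabel></secmodel>
  <secmodel><model>dac</model><doi>0</doi>
    <baselabel type="kvm">+107:+107</baselabel>
    <baselabel type="qemu">+107:+107</baselabel></secmodel>
</host></capabilities>"""


def dac_baselabel(caps_xml, domtype="kvm"):
    """Return the 'dac' baselabel text for one domain type."""
    for sec in ET.fromstring(caps_xml).iter("secmodel"):
        if sec.findtext("model") != "dac":
            continue  # skip other models, whose labels are not UID:GID pairs
        for node in sec.findall("baselabel"):
            if node.get("type") == domtype and node.text:
                return node.text.strip()
    raise LookupError(f"no dac baselabel for type {domtype!r}")


def parse_dac_label(label,
                    name_to_uid=lambda n: pwd.getpwnam(n).pw_uid,
                    name_to_gid=lambda n: grp.getgrnam(n).gr_gid):
    """Turn 'USER:GROUP' into (uid, gid); '+N' is numeric, anything else a name."""
    user, sep, group = label.strip().partition(":")
    if not (sep and user and group):
        raise ValueError(f"not a UID:GID label: {label!r}")

    def resolve(part, by_name):
        # '+107' is the numeric ID 107; a bare '107' is an account *named* 107.
        return int(part[1:]) if part.startswith("+") else by_name(part)

    return resolve(user, name_to_uid), resolve(group, name_to_gid)


def acl_user_entry(uid, perms="rwx"):
    """ACL entry text for that UID (assumed: applied later with setfacl -m)."""
    return f"u:{uid}:{perms}"


if __name__ == "__main__":
    uid, gid = parse_dac_label(dac_baselabel(SAMPLE_CAPS))
    print(uid, gid, acl_user_entry(uid))
```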
