> Manpage: the description of '-runs' didn't show this parameter will use
> setuid, so the customer might get confused when 'elevateprivileges=deny' is
> used. Since '-runas' is going to be deprecated and replaced by this
> parameter in the coming qemu9.1, add the message here.
Queued, thanks. I modified the patch a bit to explain how setgid and
setgroups are used in addition to setuid:
diff --git a/qemu-options.hx b/qemu-options.hx
index ad6521ef5e7..694fa37f284 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5024,8 +5024,11 @@ SRST
in combination with -runas.
``user=username`` or ``user=uid:gid`` can be used to drop root privileges
- by switching to the specified user (via username) or user and group
- (via uid:gid) immediately before starting guest execution.
+ before starting guest execution. QEMU will use the ``setuid`` and
``setgid``
+ system calls to switch to the specified identity. Note that the
+ ``user=username`` syntax will also apply the full set of supplementary
+ groups for the user, whereas the ``user=uid:gid`` will use only the
+ ``gid`` group.
Paolo
