From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <ian.campbell@citrix.com>
Subject: Re: [PATCH v6] run QEMU as non-root
Date: Thu, 9 Jul 2015 11:34:05 +0100
Message-ID: <1436438045.23508.101.camel@citrix.com>
References: <1435755052-19447-1-git-send-email-stefano.stabellini@eu.citrix.com>
	<1435764543.25170.389.camel@citrix.com>
	<alpine.DEB.2.02.1507011630270.17378@kaball.uk.xensource.com>
	<55945587.70707@suse.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <55945587.70707@suse.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jim Fehlig <jfehlig@suse.com>
Cc: Ian.Jackson@eu.citrix.com, Dario Faggioli <dario.faggioli@citrix.com>, xen-devel@lists.xensource.com, wei.liu2@citrix.com, Stefano Stabellini <stefano.stabellini@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
> Perhaps.  But thanks for providing a way (b_info->device_model_user) for apps to 
> override the libxl policy.

You mentioned in v5 that libvirt supports setting both the user and the
group and that the qemu driver supports that. How does that work?

AFAICT qemu's -runas option only takes a user and it takes that user's
primary group and uses that with no configurability. I think that's a
fine way to do things, but you implied greater configurability in
libvirt and I'm now curious...

Ian.