Re: Ways to exit from kvm on behalf of the quest system?

[Anthony Liguori <anthony-rdkfGonbjUSkNkDKm+mE6A@public.gmane.org>]

Dimitry Golubovsky wrote:
> Anthony,
>
> On 8/1/07, Anthony Liguori <anthony-rdkfGonbjUSkNkDKm+mE6A@public.gmane.org> wrote:
>
>   
>> Why are you using a setuid wrapper instead of just changing ownership of
>> /dev/kvm?
>>     
>
> Ownership of /dev/kvm is adjusted to be of group "kvm" (for example)
> and all users allowed to use it are in the same group.

Okay, so no root privileges are needed here.

>  It is also
> necessary to create a tap device (and through unique naming of it
> users are prevented from running multiple instances of VMs thus
> preventing memory overconsumption). Also it is necessary to connect
> tap to bridge. If FS (CAP_NETADMIN) capabilities were available in
> Linux by default then qemu process might be made capable of that (and
> anyway, when dropping to user privileges, capabilities are masked
> away). But they are only in special -mm patches, not in the mainstream
> kernel. So these tap/bridge operations require root privileges.
>   

This is one of the reasons the VDE project exists, to delegate 
privileges for tap/bridge devices.

Regards,

Anthony Liguori

>> The power-off thing is a bug.  I was also thinking that it may be
>> possible to detect when most guests have halted.
>>     
>
> Power-off works for me though.
>
> Thanks.
>
>   


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/