Message-ID: <4AF2E7CE.8010506@us.ibm.com>
Date: Thu, 05 Nov 2009 08:57:18 -0600
From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu
References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com> <4AF2E247.3090409@redhat.com>
In-Reply-To: <4AF2E247.3090409@redhat.com>
List-Id: qemu-devel.nongnu.org
To: Avi Kivity
Cc: Mark McLoughlin, Arnd Bergmann, Dustin Kirkland, Juan Quintela, qemu-devel@nongnu.org, Michael Tsirkin

Avi Kivity wrote:
>> At least with KVM support, this is probably the most common use case
>> which means
>> that most of our users are running qemu as root.  That's terrible.
>>
>
> Most of our users run managed systems.

I consider management software as a user. Today, most management software launches qemu as root. libvirt is just getting around to fixing this, although they still are running it as a single user instead of as the user requesting the vm be launched.

The fundamental problem is that to use qemu as a non-privileged user, you need to go from userA -> root -> userB. For the lazy, it's easiest just to make userA == userB == root.

IMHO, the ideal thing is to always be userA. If we make this easy for management software to do, they're more likely to do the right thing.

-- 
Regards,

Anthony Liguori