-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel P. Berrange wrote:
> On Mon, Feb 23, 2009 at 05:46:36PM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Daniel P. Berrange wrote:
>>> On Tue, Feb 17, 2009 at 04:52:08PM -0500, Daniel J Walsh wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Looks like qemu launched from libvirt wants to create pulseaudito files
>>>> under /root/.pulse directory.
>>> Hmm, that sounds bad - it should not do this.
>>>
>>>> Seems strange, and we might want to consider changing the homedir for
>>>> each qemu launched by libvirt.
>>>>
>>>> /var/run/libvirt/qemu/DOMAIN
>>>>
>>>> for example.
>>>>
>>>> It seems qemu has to be able to write here or it blows up.
>>> What version of QEMU is this with - I think that needs to be fixed in
>>> QEMU
>>>
>>>> Will add selinux policy for now.
>>> I'd prefer not - AFAIK, QEMU should not be doing this - if PulseAudio
>>> is desired when running as root, then the admin should start it ahead
>>> of time, not have QEMU auto-spawn it. PA should only auto-spawn itself
>>> if running non-root in the desktop session IMHO.
>>>
>>> Daniel
>>
>> For some reason it is also trying to create /root/.kde directory and
>> then link a socket to /tmp/ksocket-root.
>>
>> Everything seems to be caused by sound.
>>
>> I hacked out a libvirt that does not add the -esound qualifier to qemu
>> and every thing works correctly in svirt with SELinux in enforcing mode.
>>
>> Not really sure what the proper way to handle this? Should libvirt be
>> execing qemu with the sound device if it is running as root? Will this
>> work with the sound devices? What happens if libvirt is remote?
>
> Configuring sound devices in QEMU when doing remote provisioning is
> pretty useless really. We need to tunnelling of audio stream from
> the QEMU instance to the client machine, over VNC / SPICE, or a
> parallel network audio transport.
>
> I'm inclined to say we should set the SDL env variable to disable sound
> for instances run as root, and only use sound when launching the per-user
> unprivileged instances which are able to properly integrate with the
> sound daemon provided by the desktop session (ESD / PulseAudio / KDE)
>
> Daniel
How about a patch like this for now, took some liberties with your quote?
git diff origin qemu_conf.c
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 6f58ee8..32cdba2 100644
- --- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -1327,8 +1327,13 @@ int qemudBuildCommandLine(virConnectPtr conn,
ADD_ARG_LIT("-full-screen");
}
- - /* Add sound hardware */
- - if (vm->def->nsounds) {
+ /* Add sound hardware iff you are not running as root */
+ /* Configuring sound devices in QEMU when doing remote provisioning is
+ pretty useless really. We need to tunnelling of audio stream from
+ the QEMU instance to the client machine, over VNC / SPICE, or a
+ parallel network audio transport. */
+
+ if (getuid() && vm->def->nsounds) {
int size = 100;
char *modstr;
if (VIR_ALLOC_N(modstr, size+1) < 0)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmkBEYACgkQrlYvE4MpobPD4QCeP/VNSkebMd7b86t+n8fx+T+s
+w8AoJGkLnrd1hLUxFU/6o9zRSv2WQUE
=4CAZ
-----END PGP SIGNATURE-----
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list