On Tue, 9 Jul 2019 14:26:08 +0200 Pavel Hrdina <phrdina@xxxxxxxxxx> wrote: > [...] > > In addition if you would like to have only one VM as root:root you > should keep the default config as nobody:kvm and use the root:root for > that specific VM. > > Pavel Let me answer this part in another post. Generally I agree with you. But there is one question: if I configure libvirt to use nobody:kvm as user, how is it possible to start a qemu with root privileges? I thought it not to be possible that it runs a root process while its config says it should be nobody ...? I thought it can only _drop_ privileges from root to nobody, because its primary user is root. Or is it in fact always running as root, and only "fake-dropping" to the configured user (maybe a spawned child), while still being able to spawn other root processes? -- Regards, Stephan -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
