On Mon, Aug 07, 2023 at 01:06:55PM +0200, Sebastien WILLEMIJNS wrote:
> Hello,
>
> Why do LIBVIRT software/libs need to chown "near the root level" (home/blahblah/) when raw/vdi/vhd can contain lots of directories as /home/user/Virtual_HDs/desktop/daddy/private/bedroom/number2/hd.vdi ?
>
> On Ubuntu, "/media/hostname" can contain all our external HD's without relation with virtualization !!! :-(
>
> Another sample picked up on the net:
>
> WARNING /home/jwright/virtualMachines/images/fedora25.qcow2 may not be accessible by the hypervisor. You will need to grant the 'qemu' user search permissions for the following directories: ['/home/jwright']

When you want to run a VM under a non-root user (running it as root is not the right way to go) you want the emulator to have access to the disk. But if /home/jwright is owned by a different user and group than the user under which the emulator runs (i.e. qemu), and it has no search permission for others (the last "x" in "rwx-----x" for example is enough) then there is no way it can access that disk because it cannot go "through" /home/jwright.

The "search" permission does not allow "reading", i.e. the qemu user would still not be able to read the directory and list the files under it, but it could access a file under said directory if it knows the full path and has permissions for that file (and "search" permission for all the subdirectories that it lies inside).

HTH,
Martin
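
The ancestor-directory check described in the reply above, as an added example that is not part of the original thread and is not libvirt's or virt-manager's code. The names `blocked_dirs` and `demo`, the temporary directory tree and the stand-in uid/gid for the 'qemu' account are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def blocked_dirs(path, uid, gids):
    """Ancestor directories of `path` that uid/gids cannot search (traverse)."""
    # Mode bits only: ACLs, SELinux/AppArmor and root's override are ignored.
    d = os.path.dirname(os.path.realpath(path))
    ancestors = [d]
    while os.path.dirname(d) != d:  # stop once "/" has been added
        d = os.path.dirname(d)
        ancestors.append(d)
    blocked = []
    for d in reversed(ancestors):  # report from "/" downwards
        st = os.stat(d)
        # Exactly one permission class applies: owner, else group, else other.
        if st.st_uid == uid:
            bit = stat.S_IXUSR
        elif st.st_gid in gids:
            bit = stat.S_IXGRP
        else:
            bit = stat.S_IXOTH
        if not st.st_mode & bit:
            blocked.append(d)
    return blocked


def demo():
    """Check a constructed tree before and after granting o+x on the home dir."""
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "home_jwright")
    images = os.path.join(home, "images")
    os.makedirs(images)
    os.chmod(images, 0o755)
    os.chmod(home, 0o700)  # rwx------: no search bit for "others"
    disk = os.path.join(images, "fedora25.qcow2")
    open(disk, "w").close()
    st = os.stat(home)
    uid, gids = st.st_uid + 1, {st.st_gid + 1}  # constructed stand-in for 'qemu'
    before = blocked_dirs(disk, uid, gids)
    os.chmod(home, 0o701)  # rwx-----x: search allowed, listing still denied
    after = blocked_dirs(disk, uid, gids)
    shutil.rmtree(base)
    return home, images, before, after


if __name__ == "__main__":
    print(demo())
```

The temporary base directory created by `mkdtemp` is itself mode 0700, so it appears in both results; the point of the demo is that the constructed home directory drops out of the list once only the "others" search bit is added.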