Re: You will need to grant the 'libvirt-qemu' user search permissions for the following directories....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Aug 07, 2023 at 01:06:55PM +0200, Sebastien WILLEMIJNS wrote:
Hello,

Why LIBVIRT software/libs need to chown "near the root level" (home/blahblah/) when raw/vdi/vhd can contains lots of directories as /home/user/Virtual_HDs/desktop/daddy/private/bedroom/number2/hd.vdi ?

on ubuntu, "/media/hostname" can contains all our external HD's without relation with virtualization !!! :-(

another sample picked up in the net:
WARNING /home/jwright/virtualMachines/images/fedora25.qcow2 may not be accessible by the hypervisor. You will need to grant the 'qemu' user search permissions for the following directories: ['/home/jwright']

When you want to run a VM under non-root user (running it as root is not
the right way to go) you want the emulator to have access to the disk.
But if /home/jwright is owned by different user and group than the user
under which the emulator runs (i.e. qemu), and it has no search
permission for others (the last "x" in "rwx-----x" for example is
enough) then there is no way it can access that disk because it cannot
go "through" /home/jwright.  The "search" permission does not allow
"reading", i.e. the qemu user would still not be able to read the
directory and list the files under it, but it could access a file under
said directory if it knows the full path and has permissions for that
file (and "search" permission for all the subdirectories that it lies
inside).

HTH,
Martin

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux