OK, thank you. I understand now.

On Mon, Aug 7, 2023, at 14:48, Martin Kletzander wrote:
> On Mon, Aug 07, 2023 at 01:06:55PM +0200, Sebastien WILLEMIJNS wrote:
>>Hello,
>>
>>Why do the LIBVIRT software/libs need to chown "near the root level" (home/blahblah/) when raw/vdi/vhd can be contained in lots of directories such as /home/user/Virtual_HDs/desktop/daddy/private/bedroom/number2/hd.vdi ?
>>
>>On Ubuntu, "/media/hostname" can contain all our external HDs, with no relation to virtualization !!! :-(
>>
>>Another sample picked up on the net:
>>WARNING /home/jwright/virtualMachines/images/fedora25.qcow2 may not be accessible by the hypervisor. You will need to grant the 'qemu' user search permissions for the following directories: ['/home/jwright']
>
> When you want to run a VM under non-root user (running it as root is not
> the right way to go) you want the emulator to have access to the disk.
> But if /home/jwright is owned by different user and group than the user
> under which the emulator runs (i.e. qemu), and it has no search
> permission for others (the last "x" in "rwx-----x" for example is
> enough) then there is no way it can access that disk because it cannot
> go "through" /home/jwright. The "search" permission does not allow
> "reading", i.e. the qemu user would still not be able to read the
> directory and list the files under it, but it could access a file under
> said directory if it knows the full path and has permissions for that
> file (and "search" permission for all the subdirectories that it lies
> inside).
>
> HTH,
> Martin
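
The traversal rule described in the quoted reply, as an added example that is not part of the original thread and not libvirt's own code: it walks every ancestor directory of a disk image and reports the ones a given account cannot pass through, then shows that mode 0701 grants search without granting listing. Assumptions: only classic mode bits are evaluated (no ACLs, no SELinux/AppArmor), the directory tree is constructed in a temporary directory, and the emulator account is a hypothetical uid/gid that differs from the owner.

```python
import os, shutil, tempfile

R, X = 4, 1  # read and search (execute) bits within one rwx triplet

def allowed(st, uid, gids, bit):
    """Classic mode-bit check only (no ACLs, no SELinux/AppArmor)."""
    if uid == 0:
        return True                      # root bypasses directory mode bits
    if st.st_uid == uid:
        shift = 6                        # owner triplet
    elif st.st_gid in gids:
        shift = 3                        # group triplet
    else:
        shift = 0                        # "others" triplet
    return bool((st.st_mode >> shift) & bit)

def blocked_dirs(path, uid, gids):
    """Ancestor directories of path that uid cannot pass through, top-down."""
    d = os.path.dirname(os.path.realpath(path))
    ancestors = [d]
    while os.path.dirname(d) != d:
        d = os.path.dirname(d)
        ancestors.append(d)
    return [a for a in reversed(ancestors) if not allowed(os.stat(a), uid, gids, X)]

def demo():
    """Constructed tree: <tmp>/home_user/images/disk.qcow2."""
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "home_user")
    images = os.path.join(home, "images")
    os.makedirs(images)
    disk = os.path.join(images, "disk.qcow2")
    open(disk, "w").close()
    os.chmod(base, 0o755)
    os.chmod(images, 0o755)
    st = os.stat(home)
    uid, gids = st.st_uid + 1, {st.st_gid + 1}   # hypothetical emulator account
    out = {}
    for mode in (0o700, 0o701):                  # without / with search for others
        os.chmod(home, mode)
        hits = [os.path.relpath(a, base) for a in blocked_dirs(disk, uid, gids)
                if a.startswith(base + os.sep)]
        out[mode] = (hits, allowed(os.stat(home), uid, gids, R))
    shutil.rmtree(base)
    return out

if __name__ == "__main__":
    for mode, (hits, listable) in demo().items():
        print(oct(mode), "blocked:", hits, "can list home_user:", listable)
```

Granting only the search bit on the one blocked directory (0701 rather than 0755) keeps its contents unlistable to the emulator account, which is the narrowest change that clears the warning.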