On 7/2/24 16:19, daggs wrote: >>> thanks, seems like I'm past this part, the vm start fails because of insufficient permissions to detach/reattach the pci nodes, I assumed that there is no fast solution so >>> I fixed it with a script that uses doas to preform the detach/reattach. >> >> No sysadmin wants to allow regular users to bind PCI devices to "random" >> drivers, surely. PCI devices must be "detached" (i.e. bound to vfio >> driver) by sysadmin (e.g. virsh -c qemu:///system nodedev-detach ...) >> BEFORE qemu:///session domain wants to use the device. > so I should call virsh -c qemu:///system nodedev-detach from within the libvirt hook? wont that might cause a hangup? > I did got that in some scenarios. No, calling libvirt from hooks is strongly discouraged as deadlocks are likely to occur. Just detach PCI devices before starting any qemu:///session domain. Either right at startup (write an init service), do that manually, doesn't matter really. Michal
