Thank you very much!! On the most basic test (only), appears to work,
although afterward it strips out the imagelabel element:
I originally did:
<domain type='kvm'>
<!-- ... -->
<seclabel type='static' model='dac' relabel='yes'>
<label>horse-libvirt-qemu:libvirt-qemu</label>
<imagelabel>horse-libvirt-qemu:libvirt-qemu</imagelabel>
</seclabel>
</domain>
virsh define /etc/libvirt/qemu/xxx.xml
virsh start xxxx
It effectively worked:
ps aux:
horse-libvirt-qemu 6522 /usr/bin/qemu-system-x86_64 -name guest=[...]
-rw------- 1 horse-libvirt-qemu libvirt-qemu 21478375424 Dec 20 11:40
xxxxx.qcow2
Then the domain definition was rewritten by libvirt (probably
unproblematically) to:
<domain type='kvm'>
<!-- ... -->
<seclabel type='static' model='dac' relabel='yes'>
<label>horse-libvirt-qemu:libvirt-qemu</label>
</seclabel>
</domain>
I'll be trying, but are there any features or virtual machine devices
known not covered by this method? (I had consulted the C source to
figure out where virCHDriverConfig::user might be overridden, and so
wonder at what code location this relabel is being applied, but
conversely this looks more powerful)
On 12/20/24 06:17, Jiri Denemark wrote:
On Fri, Dec 20, 2024 at 01:48:48 -0500, Pascal Proulx via Users wrote:
Hello,
How can I override the libvirt-qemu user defined in
/etc/libvirt/qemu.conf using a per-domain (virtual machine) override
using the domain XML definitions? I can find qemu arg overrides but not
this and I may have missed it.
I believe the following XML should do it
<seclabel type='static' model='dac' relabel='yes'>
<label>user:group</label>
<imagelabel>user:group</imagelabel>
</seclabel>
The <imagelabel> element may not be needed depending on who owns the
images and what mode they have.
Jirka
