Ben Clay
2011-Nov-01 21:27 UTC
[libvirt-users] auto-set /cgroup/*/libvirt/qemu/<vm name>/ directory permissions on creation
Is there a way to automatically set the permissions of cgroups directories created by libvirt when a VM is launched?

Although it looks like I can set permissions on top-level /cgroup directories via cgconfig.conf, the cgconfig.conf manpage says "Permissions are related only to enclosing control group and are not inherited by subgroups.". From this, I believe that when libvirt creates VMs, the new directories under /cgroup/*/libvirt/qemu/<vm name>/ will not receive the cgconfig.conf permissions.

Where in the libvirt config can I set this? We need users other than root to write to specific subsystems.

I can ask on the libcg mailing list as well, but I thought I'd try here first since libvirt is dynamically creating / destroying these groups.

Thanks.

Ben Clay
rbclay at ncsu.edu
Daniel P. Berrange
2011-Nov-02 09:59 UTC
[libvirt-users] auto-set /cgroup/*/libvirt/qemu/<vm name>/ directory permissions on creation
On Tue, Nov 01, 2011 at 05:27:24PM -0400, Ben Clay wrote:
> Is there a way to automatically set the permissions of cgroups directories
> created by libvirt when a VM is launched?
>
> Although it looks like I can set permissions on top-level /cgroup
> directories via cgconfig.conf, the cgconfig.conf manpage says "Permissions
> are related only to enclosing control group and are not inherited by
> subgroups.". From this, I believe that when libvirt creates VMs, the new
> directories under /cgroup/*/libvirt/qemu/<vm name>/ will not receive the
> cgconfig.conf permissions.
>
> Where in the libvirt config can I set this? We need users other than root
> to write to specific subsystems.

We don't support setting alternate permissions, because the intention is that all access is via libvirt APIs, which allow unprivileged users as defined by the libvirt access control policy.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|