On 03/22/22 15:51, Daniel P. Berrangé wrote:
> On Tue, Mar 22, 2022 at 02:35:54PM +0000, Richard W.M. Jones wrote:
>> For fuller explanation see:
>> https://bugzilla.redhat.com/show_bug.cgi?id=2066773#c1
>>
>> I'm not very happy with this patch for a few reasons:
>>
>> - Does every distro use "qemu" as the user that runs qemu?
>
> Not sure, but you can query this from libvirt
>
> # virsh capabilities | xmllint -xpath
> '//secmodel[./model="dac"]/baselabel[@type="kvm"]' -
> <baselabel type="kvm">+107:+107</baselabel>

There is XML support in OCaml, and I guess we can figure out if we use
TCG vs. KVM, so the "xmllint" command could be written in v2v. I'm not
sure about "virsh capabilities" :/ Would we need to wrap
virConnectGetCapabilities() <https://libvirt.org/formatcaps.html>?

Thanks,
Laszlo

>
> The base level here is the label that any files must have in order
> to be writable by QEMU, using a default process label.
>
> In the case of the 'dac' model this is a UID:GID pair (+ indicates
> numeric ID, as opposed to a username with all numbers).
>
> NB, this doesn't apply if you're overriding the default label to
> use a distinct UID per VM, but I assume v2v isn't doing that and
> controls its own VMs
>
>> - Having to run an external process (not a big deal, but a bit clumsy)
>
> In theory libacl gives you programmatic API for this.
>
>> - Aren't ACLs actually deprecated?
>
> Not that I know of.
>
> With regards,
> Daniel
>

_______________________________________________
Libguestfs mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/libguestfs
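An added example, not part of the thread or of virt-v2v's code: pulling the `dac` base label out of capabilities XML and decoding the UID:GID pair with the "+ means numeric ID" rule described above. The sample XML is constructed, the function names are hypothetical, and Python stands in here for the OCaml that v2v would use.

```python
import grp
import pwd
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <secmodel> part of `virsh capabilities`.
SAMPLE_CAPS = """<capabilities><host>
  <secmodel><model>selinux</model><doi>0</doi>
    <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  </secmodel>
  <secmodel><model>dac</model><doi>0</doi>
    <baselabel type='kvm'>+107:+107</baselabel>
    <baselabel type='qemu'>+107:+107</baselabel>
  </secmodel>
</host></capabilities>"""


def _to_id(part, lookup):
    # "+N" is a numeric ID; without "+", even an all-digit string is a name.
    if part.startswith("+"):
        return int(part[1:])
    return lookup(part)


def parse_dac_label(label,
                    uid_of=lambda n: pwd.getpwnam(n).pw_uid,
                    gid_of=lambda n: grp.getgrnam(n).gr_gid):
    """Turn a dac label such as "+107:+107" into a (uid, gid) tuple."""
    user, sep, group = label.strip().partition(":")
    if not (sep and user and group):
        raise ValueError(f"not a UID:GID label: {label!r}")
    return _to_id(user, uid_of), _to_id(group, gid_of)


def dac_baselabel(caps_xml, virt_type="kvm"):
    """Return the (uid, gid) files need to be writable by QEMU of virt_type."""
    root = ET.fromstring(caps_xml)
    for sec in root.iter("secmodel"):
        if sec.findtext("model") != "dac":
            continue  # selinux/apparmor labels are not UID:GID pairs
        for base in sec.findall("baselabel"):
            if base.get("type") == virt_type:
                return parse_dac_label(base.text or "")
    raise LookupError(f"no dac baselabel for type {virt_type!r}")


if __name__ == "__main__":
    print(dac_baselabel(SAMPLE_CAPS, "kvm"))   # KVM guests
    print(dac_baselabel(SAMPLE_CAPS, "qemu"))  # TCG guests
```

As the quoted note says, the result only applies when the default label is in use, not with a distinct UID per VM.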
