From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=iIIk7Y2V; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 350135A0271 for ; Wed, 24 Sep 2025 13:00:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758711616; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=EL4ktkX5AqFnWtugHFuZzdhyIhUaYXiEuHkXSTeClT8=; b=iIIk7Y2Vx5FzKCWWuwxknNejsnQn1dCdzUv0rQ5WLu12I1zD3clRYP+DKtl2DF9g9vL2VV G8aLdHAWpo3Gl1qYE6Anqp6PM75ZroVootrMLdzqs6KIU69YPw3xcqtEuwwjggOpaLIZkb 9OxwifznhOi3MD6ukBlgBZHnbtgOAU8= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-647-rZ5Hy1vzP5C4rPAX71dXBw-1; Wed, 24 Sep 2025 07:00:12 -0400 X-MC-Unique: rZ5Hy1vzP5C4rPAX71dXBw-1 X-Mimecast-MFC-AGG-ID: rZ5Hy1vzP5C4rPAX71dXBw_1758711612 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 389BE1956096; Wed, 24 Sep 2025 11:00:11 +0000 (UTC) Received: from redhat.com (unknown [10.42.28.136]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 4C8E11800579; Wed, 24 Sep 2025 11:00:08 +0000 (UTC) Date: Wed, 24 Sep 2025 12:00:04 +0100 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: "Richard W.M. Jones" Subject: Re: [PATCH] test: Update README.md Message-ID: References: <20250919115822.4e3aab21@elisabeth> <20250922220338.49013fce@elisabeth> <20250923123213.61ddd9d5@elisabeth> <20250924104632.75b3f5a8@elisabeth> <20250924085621.GT1460@redhat.com> <20250924110909.43a16cfa@elisabeth> <20250924103131.GU1460@redhat.com> MIME-Version: 1.0 In-Reply-To: <20250924103131.GU1460@redhat.com> User-Agent: Mutt/2.2.14 (2025-02-20) X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: KTTfcKsgTNL5NQe99KGrmvA8sUazCAaVPyIPKfwHfEI_1758711612 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-MailFrom: berrange@redhat.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation Message-ID-Hash: AUCHF7B62YDEFNYGEEE34WQSUVGAC7I3 X-Message-ID-Hash: AUCHF7B62YDEFNYGEEE34WQSUVGAC7I3 X-Mailman-Approved-At: Wed, 24 Sep 2025 13:06:50 +0200 CC: Stefano Brivio , Yumei Huang , passt-dev@passt.top, david@gibson.dropbear.id.au X-Mailman-Version: 3.3.8 Precedence: list Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed, Sep 24, 2025 at 11:31:31AM +0100, Richard W.M. Jones wrote: > On Wed, Sep 24, 2025 at 11:09:09AM +0200, Stefano Brivio wrote: > > And now that you say that, I just realised that it would be as simple > > as: > > > > https://libguestfs.org/guestfs-faq.1.html#permission-denied-when-running-libguestfs-as-root > > > > LIBGUESTFS_BACKEND=direct virt-edit... > > While that will indeed work, we're trying to discourage people from > doing that, since it removes the other good things that libvirt does, > such as setting up SELinux. > > The real solution here IMHO is for libvirt to make session mode work > for root without changing UID. It actually goes out of its way to > stop this working at the moment[1]. We made it possible to run QEMU as root:root while still using system mode quite a while ago now. It requires adding this to the XML: AFAICT, the resulting QEMU will also still have all capabiltiies set, most importantly CAP_DAC_OVERRIDE. So unless I'm missing something there shouldn't be anything that can't be done with system mode, that a session mode would allow. I thought I had already suggested that libguestfs use this seclabel, but don't recall if it was ever tried, or if we hit some other roadblock. > [1] In qemuStateInitialize -> virQEMUDriverConfigNew, I think Well that's where the initial control is, but it isn't a simple as just removing/changing that code. When running as root, we have access to a lot of system wide resources, and libvirt needs to track which are in use by VMs or not. We can't do that tracking if we have two separate privileged daemons for both system mode and a root-session mode. It might be possible to have a single daemon service both roles. VMs defined via a session mode connection would auto-add the above to default to running as root. It would also need to dynamically change what's reported in capabilities to reflect this different default, and more systemd socket unit files at the locations that the session mode client app looks for. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|