mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-10 14:57:42 +00:00
f55afd83b1
If you've ever tried running a huge page backed guest under different user than in qemu.conf, you probably failed. Problem is even though we have corresponding APIs in the security drivers, there's no implementation and thus we don't relabel the huge page path. But even if we did, so far all of the domains share the same path: /hugepageMount/libvirt/qemu Our only option there would be to set 0777 mode on the qemu dir which is totally unsafe. Therefore, we can create dir on per-domain basis, i.e.: /hugepageMount/libvirt/qemu/domainName and chown domainName dir to the user that domain is configured to run under. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
61 lines
2.5 KiB
Plaintext
61 lines
2.5 KiB
Plaintext
LC_ALL=C \
|
|
PATH=/bin \
|
|
HOME=/home/test \
|
|
USER=test \
|
|
LOGNAME=test \
|
|
QEMU_AUDIO_DRV=spice \
|
|
/usr/bin/qemu-system-x86_64 \
|
|
-name fedora \
|
|
-S \
|
|
-M pc-i440fx-2.3 \
|
|
-m size=1048576k,slots=16,maxmem=1099511627776k \
|
|
-smp 2,sockets=2,cores=1,threads=1 \
|
|
-mem-prealloc \
|
|
-mem-path /dev/hugepages2M/libvirt/qemu/-1-fedora \
|
|
-numa node,nodeid=0,cpus=0-1,mem=1024 \
|
|
-object memory-backend-file,id=memdimm0,prealloc=yes,\
|
|
mem-path=/dev/hugepages1G/libvirt/qemu/-1-fedora,size=1073741824,\
|
|
host-nodes=1-3,policy=bind \
|
|
-device pc-dimm,node=0,memdev=memdimm0,id=dimm0,slot=0 \
|
|
-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
|
|
-nodefaults \
|
|
-monitor unix:/tmp/lib/domain--1-fedora/monitor.sock,server,nowait \
|
|
-rtc base=utc,driftfix=slew \
|
|
-no-kvm-pit-reinjection \
|
|
-global PIIX4_PM.disable_s3=1 \
|
|
-global PIIX4_PM.disable_s4=1 \
|
|
-boot c \
|
|
-device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 \
|
|
-device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,\
|
|
addr=0x6 \
|
|
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 \
|
|
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 \
|
|
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 \
|
|
-drive file=/var/lib/libvirt/images/fedora.qcow2,format=qcow2,if=none,\
|
|
id=drive-virtio-disk0 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,\
|
|
id=virtio-disk0 \
|
|
-drive if=none,media=cdrom,id=drive-ide0-0-0,readonly=on \
|
|
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
|
|
-serial pty \
|
|
-chardev socket,id=charchannel0,\
|
|
path=/var/lib/libvirt/qemu/channel/target/fedora.org.qemu.guest_agent.0,server,\
|
|
nowait \
|
|
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,\
|
|
id=channel0,name=org.qemu.guest_agent.0 \
|
|
-chardev spicevmc,id=charchannel1,name=vdagent \
|
|
-device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,\
|
|
id=channel1,name=com.redhat.spice.0 \
|
|
-device usb-tablet,id=input0,bus=usb.0,port=1 \
|
|
-spice port=5901,tls-port=5902,addr=127.0.0.1,x509-dir=/etc/pki/libvirt-spice \
|
|
-vga qxl \
|
|
-global qxl-vga.ram_size=67108864 \
|
|
-global qxl-vga.vram_size=67108864 \
|
|
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 \
|
|
-device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 \
|
|
-chardev spicevmc,id=charredir0,name=usbredir \
|
|
-device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2 \
|
|
-chardev spicevmc,id=charredir1,name=usbredir \
|
|
-device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 \
|
|
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8
|