[PATCH] qemu.conf: Improve docs for 'dynamic_ownership' option

Peter Krempa via Devel posted 1 patch 3 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/8ec4d71379a969fdfd502255fce772cb91e54bdf.1749197140.git.pkrempa@redhat.com
src/qemu/qemu.conf.in | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
Posted by Peter Krempa via Devel 3 months ago
From: Peter Krempa <pkrempa@redhat.com>

Add a note that the user/group can be overridden or relabelling disabled
using per-vm/disk <seclabel> elements instead of disabling it globally.

Add a note that read-only image labels are not restored.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/512
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu.conf.in | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 042bb75b50..221bfa8095 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -513,7 +513,17 @@

 # Whether libvirt should dynamically change file ownership
 # to match the configured user/group above. Defaults to 1.
-# Set to 0 to disable file ownership changes.
+#
+# Notes:
+#  - Per domain or per disk image user and group can be configured, or
+#    relabelling disabled using the <seclabel model='dac'> elements in XML:
+#
+#      https://www.libvirt.org/formatdomain.html#security-label
+#
+#  - The user/group of read-only images is not restored as with read-write
+#    images as they may be shared among more domains.
+#
+# Set to 0 to disable file ownership changes globally in the qemu driver.
 #dynamic_ownership = 1

 # Whether libvirt should remember and restore the original
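
Review bot: In the second added bullet, "is not restored as with read-write images" is ambiguous: it can be read as "not restored, just like read-write images", while the intended meaning appears to be the opposite. Suggest wording such as "Unlike read-write images, the user/group of read-only images is not restored, as they may be shared among multiple domains", and stating at which point the restore would otherwise happen, since the practical consequence for an administrator is that a read-only image keeps the ownership libvirt set on it.
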
-- 
2.49.0
Re: [PATCH] qemu.conf: Improve docs for 'dynamic_ownership' option
Posted by Michal Prívozník via Devel 3 months ago
On 6/6/25 10:05, Peter Krempa via Devel wrote:
> From: Peter Krempa <pkrempa@redhat.com>
> 
> Add a note that the user/group can be overridden or relabelling disabled
> using per-vm/disk <seclabel> elements instead of disabling it globally.
> 
> Add a note that read-only image labels are not restored.
> 
> Closes: https://gitlab.com/libvirt/libvirt/-/issues/512

What a nice round number!

> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  src/qemu/qemu.conf.in | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
> index 042bb75b50..221bfa8095 100644
> --- a/src/qemu/qemu.conf.in
> +++ b/src/qemu/qemu.conf.in
> @@ -513,7 +513,17 @@
> 
>  # Whether libvirt should dynamically change file ownership
>  # to match the configured user/group above. Defaults to 1.
> -# Set to 0 to disable file ownership changes.
> +#
> +# Notes:
> +#  - Per domain or per disk image user and group can be configured, or
> +#    relabelling disabled using the <seclabel model='dac'> elements in XML:
> +#
> +#      https://www.libvirt.org/formatdomain.html#security-label
> +#
> +#  - The user/group of read-only images is not restored as with read-write
> +#    images as they may be shared among more domains.
> +#
> +# Set to 0 to disable file ownership changes globally in the qemu driver.
>  #dynamic_ownership = 1
> 
>  # Whether libvirt should remember and restore the original
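
Review bot: The first added bullet does not say whether a per-domain or per-disk <seclabel model='dac'> still takes effect once dynamic_ownership is set to 0, which is the question the new closing line ("disable file ownership changes globally in the qemu driver") raises for anyone choosing between the two. A clause stating that interaction would help. The sentence would also parse more easily if reordered, for example "The user and group can be configured per domain or per disk image, or relabelling disabled, using the <seclabel model='dac'> elements in XML".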

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal