[fedora-virt] libguestfs best practices: Exposing files from the host for the duration of a session

Michael Ansel redhat-lists at anselcomputers.com
Fri May 29 17:03:18 UTC 2009


On Fri, May 29, 2009 at 5:44 AM, Richard W.M. Jones <rjones at redhat.com> wrote:
> On Fri, May 29, 2009 at 03:34:21AM -0400, Michael Ansel wrote:
>> 1) root (UID=0, everywhere) is the only one installing packages, so
>> the UID mapping lines up perfectly every time
>
> No - the concept of UIDs in libguestfs is non-intuitive.
>
> Firstly the normal mode of operation is to run libguestfs as non-root.
> There are plenty of reasons why this is a good idea, I think Charles
> covered a few of them.  So everything we do is oriented around making
> sure that we don't need to be root to do libguestfs operations.
>
> However, libguestfs runs qemu/kvm (also as non-root) but that boots a
> mini appliance.  *Inside* the appliance the appliance kernel thinks
> everything is running as root.  It's not really from the point of view
> of the host machine, but inside the appliance that's how it looks.
>

>> 2) you only need root access on the host once when you are building
>> the VM; you don't need NFS after it is already built
>
> With libguestfs currently, you never need root at all, not to build
> libguestfs, not to run it, not for any operations using it.
>


First, I just want to say, you guys are amazing: when do you sleep?!

I also want to apologize to the list for my somewhat mis- and
un-informed comments last night/early this morning. I do however think
I have figured out where my confusion was: I was under the impression
that running a virtual machine required root access and libguestfs
worked by launching said VM (in order to "run commands in the context
of the guest"). It seems I was grossly mistaken on both: virtual
machines can run as non-root (though, KVM is currently root only --
possibly changing), and libguestfs does only a miniature launch of the
system (? I'm still a little unclear on how the virtual appliance in
libguestfs works). I also did not realize that libguestfs was designed
with an explicit goal of not requiring root access for anything.  In
hindsight, I *knew* you didn't have to be root to launch a VM: I've
done it countless times to test boot CDs; for some reason (probably
because I was up later than normal), I just forgot that fact.

Again, I'm very sorry for my ill-informed comments, and have
officially decided I'm no longer allowed to post on mailing lists
after midnight!


Michael Ansel



