Comment 2 for bug 1784001

Christian Ehrhardt (paelzer) wrote :

Hi Jeff,
this contains multiple questions at once.

1. for dynamic_ownership "why is the default not 0 here"
=> Because that is the upstream default and is actually fixing issues with image permissions for a lot of people.

2. "arbitrarily be stolen from me when they're used BY ME"
This isn't 100% applicable IMHO.
They are used by qemu, which for isolation purposes runs under a different user/group.
So it is stolen from "you" to be used by qemu under these special constraints.
Also IIRC after the guest is switched off the ownership is restored to what it was before, so it is only changed for currently in use images so that they are actually usable.

All of this is considered system/service owned and not user-owned anyway.
The default is that way to serve most people's needs to not run into trouble with it.
The config exists for more experienced users like you that want to achieve something more special and need the feature disabled.

You can "use it by yourself" with a different setup:
$ qemu-img create -f qcow2 test1.img 10M
XML like
<domain type='kvm'>
  <name>test</name>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-bionic'>hvm</type>
    <boot dev='hd'/>
  </os>
  <clock offset='utc'/>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/home/paelzer/test1.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>

Starting that as a user session will run it in your context
$ virsh -c qemu:///session start test

This will have qemu use:
- your user
- since this matches what the file already has no ownership changes

Session scope has other problems like networking setup as normal user, but that would be matching as "used BY ME" and does not "steal" the files just as expected.

I feel with you but I'd currently not change the default as it would break too many other people and hope my explanations could outline why it is the way it is.
If you are ok with your setup to disable the dynamic ownership then please go on with that.
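
Added example (not part of the comment above, and not libvirt's own code): a shell sketch that reads a qemu.conf-style file and reports whether starting a guest would change image ownership, following the behaviour the comment describes for system and session connections. The function names, the sample config contents and the "last assignment wins" parsing are assumptions made for illustration; treating an absent or commented-out setting as 1 reflects the upstream default.

```shell
#!/bin/sh
# Print the effective dynamic_ownership value (0 or 1) for a qemu.conf-style file.
# Absent, commented-out or unparsable settings fall back to the default of 1.
effective_dynamic_ownership() {
    conf=$1
    [ -r "$conf" ] || { echo 1; return 0; }
    val=$(awk -F= '
        /^[ \t]*#/ { next }                              # commented-out defaults do not count
        $1 ~ /^[ \t]*dynamic_ownership[ \t]*$/ {
            gsub(/[ \t]/, "", $2); v = $2                # assumption: last assignment wins
        }
        END { print v }' "$conf")
    case $val in
        0|1) echo "$val" ;;
        *)   echo 1 ;;
    esac
}

# Print "chown" if image ownership would be changed while the guest runs,
# "keep" otherwise. Arguments: connection URI, path to qemu.conf.
ownership_action() {
    uri=$1
    case $uri in
        qemu:///session)
            # Session guests run qemu as the invoking user, so files the
            # user already owns are left alone.
            echo keep ;;
        *)
            if [ "$(effective_dynamic_ownership "$2")" = 1 ]; then
                echo chown
            else
                echo keep
            fi ;;
    esac
}

# Constructed sample configs: one with only the commented default, one disabled.
demo_dir=$(mktemp -d)
printf '%s\n' '#dynamic_ownership = 1' > "$demo_dir/default.conf"
printf '%s\n' 'dynamic_ownership = 0' > "$demo_dir/disabled.conf"
for c in default disabled; do
    for uri in qemu:///system qemu:///session; do
        echo "$c.conf $uri -> $(ownership_action "$uri" "$demo_dir/$c.conf")"
    done
done
rm -rf "$demo_dir"
```
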