ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: Update description of 'user=username' for '-run-with' 

The description of '-runas' and '-run-with' didn't explain that QEMU
will use setuid/setgid to implement the option, so the user might get
confused if using 'elevateprivileges=deny' as well.

Since '-runas' is going to be deprecated and replaced by '-run-with'
in the coming qemu9.1, add the message there.

Signed-off-by: Boqiao Fu <bfu@redhat.com>
Link: https://lore.kernel.org/r/CAFRHJ6J9uMk+HMZL+W+KE1yoRCOLPgbPUVVDku55sdXYiGXXHg@mail.gmail.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Boqiao Fu 2024-07-15 17:04:32 +08:00 committed by Paolo Bonzini
parent d16ccfea23
commit de12ebfdab
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
qemu-options.hx
View File

@ -5024,8 +5024,11 @@ SRST
in combination with -runas. in combination with -runas.
``user=username`` or ``user=uid:gid`` can be used to drop root privileges ``user=username`` or ``user=uid:gid`` can be used to drop root privileges
by switching to the specified user (via username) or user and group before starting guest execution. QEMU will use the ``setuid`` and ``setgid``
(via uid:gid) immediately before starting guest execution. system calls to switch to the specified identity. Note that the
``user=username`` syntax will also apply the full set of supplementary
groups for the user, whereas the ``user=uid:gid`` will use only the
``gid`` group.
ERST ERST
#endif #endif