From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 6 Jun 2025 08:02:23 +0000 (+0200)
Subject: qemu.conf: Improve docs for 'dynamic_ownership' option
X-Git-Tag: v11.5.0-rc1~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7be1c5e2fe3d6cf7898d0faa08049351adaa6bbf;p=thirdparty%2Flibvirt.git

qemu.conf: Improve docs for 'dynamic_ownership' option

Add a note that the user/group can be overriden or relabelling disabled
using per-vm/disk <seclabel> elements instead of disabling it globally.

Add a note that read-only image labels are not restored.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/512
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 042bb75b50..221bfa8095 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -513,7 +513,17 @@
 
 # Whether libvirt should dynamically change file ownership
 # to match the configured user/group above. Defaults to 1.
-# Set to 0 to disable file ownership changes.
+#
+# Notes:
+#  - Per domain or per disk image user and group can be configured, or
+#    relabelling disabled using the <seclabel model='dac'> elements in XML:
+#
+#      https://www.libvirt.org/formatdomain.html#security-label
+#
+#  - The user/group of read-only images is not restored as with read-write
+#    images as they may be shared among more domains.
+#
+# Set to 0 to disable file ownership changes globally in the qemu driver.
 #dynamic_ownership = 1
 
 # Whether libvirt should remember and restore the original