In a debian host with many users, I want to allow different users to create their own VMs, completely independent of each other.
The closest relevant (non-root) way I have seen in guides is by connecting to the qemu:///system
hypervisor . This is the system hypervisor which is shared among all users. What is more the disk image file will be owned by root (or kvm) user, meaning that the whole filesystem path to the location of the disk image file must be world readable.
For the above and other reasons I want to run my VMs purely and completely as non root user. That is as qemu:///session
. So the main question is how do I do that? Are there any guides I could use?
I went as far as trying to create new virtual bridge iface, but even though I am member of the netdev group I get "permission denied" errors when I do the following:
virsh -c qemu:///session net-create /etc/libvirt/qemu/networks/mynet.xml
note than mynet.xml is just like default network but at a different subnet.
Best Answer
What you're using isn't KVM directly, but a management library called
libvirt
.You can specify a user which will have access to libvirt's setup (and thus creating VMs and pretty much running
virsh
commands) by adding the users to thelibvirtd
andkvm
groups on the host.You can also use
policykit
to manage access, the procedure is described in the libvirt Wiki: SSHPolicyKitSetup | Libvirt Wiki