How can I create a KVM guest 100% as a non-root user?


Solution 1

What you're using isn't KVM directly, but a management library called libvirt.

You can specify a user which will have access to libvirt's setup (and thus creating VMs and pretty much running virsh commands) by adding the users to the libvirtd and kvm groups on the host.

You can also use policykit to manage access; the procedure is described in the libvirt Wiki: SSHPolicyKitSetup | Libvirt Wiki

Solution 2

For KVM you need access to the device /dev/kvm. If the user can read/write to this device, then he can run KVM-based virtual machines without root privileges.

In most distributions members of the kvm group have access to this device, so all you need to do is to add the user to the kvm group.
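
Added example, not part of either answer: a preflight check that a user can run to see whether the /dev/kvm access described in Solution 2 is in effect for the current session. The function names are hypothetical; the script also separates "not in the kvm group" from "listed in the group, but this login session predates the change".

```shell
#!/bin/sh
# Added example (not from the original answers): preflight for unprivileged KVM.
# /dev/kvm and the group name "kvm" come from the page; function names are hypothetical.

# check_kvm_access DEVICE -> 0 usable, 1 node missing, 2 present but not read/write
check_kvm_access() {
    [ -e "$1" ] || return 1
    [ -r "$1" ] && [ -w "$1" ] && return 0
    return 2
}

# in_group_now GROUP: GROUP is among the groups of the running process
in_group_now() {
    for _g in $(id -Gn 2>/dev/null); do
        [ "$_g" = "$1" ] && return 0
    done
    return 1
}

# in_group_db USER GROUP: USER is listed in GROUP in the account database,
# which only applies to sessions started after the change
in_group_db() {
    for _g in $(id -Gn "$1" 2>/dev/null); do
        [ "$_g" = "$2" ] && return 0
    done
    return 1
}

# kvm_preflight [DEVICE] [GROUP]: report why access works or fails
kvm_preflight() {
    _dev=${1:-/dev/kvm}; _grp=${2:-kvm}; _rc=0
    check_kvm_access "$_dev" || _rc=$?
    case $_rc in
        0) echo "ok: $_dev is usable by this process" ;;
        1) echo "missing: $_dev (KVM module not loaded or virtualization unavailable)" ;;
        2) _user=$(id -un)
           if in_group_now "$_grp"; then
               echo "denied: in group $_grp, check owner/mode of $_dev"
           elif in_group_db "$_user" "$_grp"; then
               echo "denied: $_user was added to $_grp, start a new login session"
           else
               echo "denied: $_user is not in group $_grp"
           fi ;;
    esac
    return $_rc
}
```

Run `kvm_preflight` with no arguments as the user who will own the VMs; the exit status is 0, 1 or 2 as documented for `check_kvm_access`.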


Author: nass

Updated on September 18, 2022

Comments

  • nass
    nass almost 2 years

    In a debian host with many users, I want to allow different users to create their own VMs, completely independent of each other.

    The closest relevant (non-root) way I have seen in guides is by connecting to the qemu:///system hypervisor. This is the system hypervisor which is shared among all users. What is more, the disk image file will be owned by the root (or kvm) user, meaning that the whole filesystem path to the location of the disk image file must be world readable.

    For the above and other reasons I want to run my VMs purely and completely as a non-root user. That is, as qemu:///session. So the main question is how do I do that? Are there any guides I could use?

    I went as far as trying to create a new virtual bridge iface, but even though I am a member of the netdev group I get "permission denied" errors when I do the following:

     virsh -c qemu:///session net-create /etc/libvirt/qemu/networks/mynet.xml
    

    Note that mynet.xml is just like the default network but on a different subnet.