Re: [Kimchi-devel] Kimchi feedback

>> It seems difficult to make a new ISO available, or I chose a poor way. >> - I downloaded from an FTP site requiring non-anonymous authentication >> - I scp'd it to root@host >> - I tried to use it from there, but I got permission denied "KCHISO0008E: The >> hypervisor doesn't have permission to use this ISO /root/..." >> >> - the message above recommends copying the file to /var/lib/libvirt, but I >> think you actually have to copy it to /var/lib/libvirt/images >> >> - you also need to "chown qemu" the ISO image >> >> After the above steps, it finally became visible and usable. > > For current kimchi security model design, > root users on behalf of console administrator, they are responsible for > 1. host setup for virtualization infrastructure and console administration > 2. virtualization resources setup > > I think this process should be streamlined for better user experience. > I recommend to make "chown qemu" transparent with kimchi to handle it automatically. The user also has to add "x" for QEMU on each level of the directory that contains the ISO image. Though this can be done by Kimchi automatically, it's possible that the user accidentally revokes the "x" from the directory and change the owner of the ISO image. The problem here is that the downloaded ISO is out of backend management. In this case, Kimchi is used as a desktop virtualization management soft. Libvirt already provides a "session" mode to solve desktop virtualization privilege problem. We can have the Kimchi backend create the VM in "session" mode, so that the VM gets the same privilege as the user, and it's able to read the ISO image. Another solution is that we provide an ISO upload interface to allow user to upload the image from his home directory to Kimchi backend. Then Kimchi store the image in /var/lib/libvirt/images and take over the control. This solution keeps Kimchi in the server virtualization way, which is its original orientation, to compete with XXWare server.