Commit caf39b8a authored by Guido Trotter's avatar Guido Trotter
Browse files

Document the security_* hypervisor parameters

Signed-off-by: default avatarGuido Trotter <>
Reviewed-by: default avatarMichael Hanselmann <>
parent d19d94db
...@@ -579,6 +579,48 @@ ...@@ -579,6 +579,48 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<simpara>Valid for the KVM hypervisor.</simpara>
<simpara>The security model for kvm. Currently one of
<quote>none</quote>, <quote>user</quote> or
<quote>pool</quote>. Under <quote>none</quote>, the
default, nothing is done and instances are run as
the ganeti daemon user (normally root).
<simpara>Under <quote>user</quote> kvm will drop
privileges and become the user specified by the
security_domain parameter.
<simpara>Under <quote>pool</quote> a global cluster
pool of users will be used, making sure no two
instances share the same user on the same node.
(this mode is not implemented yet)
<simpara>Valid for the KVM hypervisor.</simpara>
<simpara>Under security model <quote>user</quote> the username to
run the instance under. It must be a valid username
existing on the host.
<simpara>Cannot be set under security model <quote>none</quote>
or <quote>pool</quote>.
</variablelist> </variablelist>
</para> </para>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment