For security reasons, libxl tries to pass a non-root username to QEMU as
an argument. During initialization QEMU calls setuid and setgid with the
user ID and the group ID of the user passed as argument.
Libxl looks for the following users in this order:

1) a user named "xen-qemuuser-domid$domid",
where $domid is the domid of the domain being created.
This requires the reservation of 65535 uids from xen-qemuuser-domid1
to xen-qemuuser-domid65535. To use this mechanism, you might want to
create a large number of users at installation time. For example:

for ((i=1; i<65536; i++))
do
    adduser --no-create-home --system xen-qemuuser-domid$i
done

You might want to consider passing --group to adduser to create a new
group for each new user.


2) a user named "xen-qemuuser-shared"
As a fallback if 1) fails, libxl will use a single user for
all QEMU instances. The user is named xen-qemuuser-shared. This is
less secure but still better than running QEMU as root. Using this is as
simple as creating just one more user on your host:

adduser --no-create-home --system xen-qemuuser-shared


3) root
As a last resort, libxl will start QEMU as root.


Please note that running QEMU as non-root causes several features like
migration and PCI passthrough to not work properly and may prevent the guest
from booting.
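
To check which account the lookup order above would select on a host, the
following added example (not libxl code and not part of the original
document) resolves a domid against passwd-format data. The function names,
the sample passwd entries and the rule that an account with uid 0 counts as
root are assumptions of this example.

```shell
#!/bin/sh
# Added example, not libxl code: apply the lookup order described above
# to passwd-format data. On a real host pass "$(getent passwd)" as DATA.

# Constructed sample data so the example runs offline.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
xen-qemuuser-domid3:x:990:990::/nonexistent:/usr/sbin/nologin
xen-qemuuser-shared:x:991:991::/nonexistent:/usr/sbin/nologin'

# passwd_uid NAME DATA: print the uid of NAME; non-zero status if absent.
passwd_uid() {
    printf '%s\n' "$2" | awk -F: -v n="$1" \
        '$1 == n { print $3; found = 1; exit } END { exit !found }'
}

# qemu_user_for_domid DOMID [DATA]: print "name uid" of the account chosen.
qemu_user_for_domid() (
    domid=$1; data=${2-$SAMPLE_PASSWD}
    case $domid in
        ''|*[!0-9]*) echo "invalid domid: $domid" >&2; exit 2 ;;
    esac
    for name in "xen-qemuuser-domid$domid" xen-qemuuser-shared; do
        if uid=$(passwd_uid "$name" "$data"); then
            if [ "$uid" -ne 0 ]; then echo "$name $uid"; exit 0; fi
            # Assumption of this example: an account with uid 0 is root.
            echo "warning: $name has uid 0, no isolation" >&2
        fi
    done
    echo "root 0"    # step 3: QEMU would run as root
)

# missing_domid_users FIRST LAST [DATA]: count domids without an account.
missing_domid_users() (
    printf '%s\n' "${3-$SAMPLE_PASSWD}" | awk -F: -v lo="$1" -v hi="$2" '
        sub(/^xen-qemuuser-domid/, "", $1) && $1 ~ /^[0-9]+$/ {
            d = $1 + 0
            if (d >= lo + 0 && d <= hi + 0) seen[d] = 1
        }
        END { for (d in seen) n++; print hi - lo + 1 - n }'
)

qemu_user_for_domid 3     # dedicated account
qemu_user_for_domid 7     # falls back to the shared account
missing_domid_users 1 65535
```

A result of "root 0" for a domid means neither non-root account exists for
it, so QEMU for that domain would run as root.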