# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# HotsTac(k)os QEMU session configuration
# This configuration ensures QEMU processes run as the hotstack user
# and can access files with ACLs set for that user.

# Run QEMU as the hotstack user instead of using dynamic ownership
# This allows QEMU to access files with ACLs set for the hotstack user
# The 990 and 989 placeholders will be substituted during setup
# Note: These must be quoted strings (can be username or numeric UID)
user = "990"
group = "989"

# Disable dynamic ownership - we use ACLs instead
# Dynamic ownership would remap files to nobody:nobody in user namespaces
dynamic_ownership = 0

# Security driver - use "none" for session mode
# Session mode doesn't have access to DAC or SELinux security drivers
# Security is provided by the user session isolation itself
security_driver = "none"