Some thoughts on multiuser KVM usage.

= Multiuser usage of KVM: Assumptions =

 * The host computer runs several instances of KVM virtual machines.
 * Each virtual machine runs as a process with the privileges of the user it is allocated to. This makes it possible to use standard Linux user access control mechanisms.
 * Users may log on in various ways (see below), but even if a user has a shell account on the host computer, they should be prevented from executing KVM directly (e.g. from the command line), i.e. from uncontrolled creation of virtual machine instances. Therefore, a secure wrapper is necessary to run KVM on users' behalf.

= User Logon Possibilities =

 * Log on via ssh to the host computer, launch a VM by invoking the wrapper with the ID of the VM to start, then ssh into the VM (or xdm, or http).
 * A VM is already running for the user (variant: frozen when the user logs off, and unfrozen when they log on), so the user logs on via ssh (or xdm, or http) into the running VM instance.
 * A VM is running as a daemon, providing some services to other VMs (e.g. NFS/SAMBA server), and users access it indirectly from their own VMs via the appropriate protocols.

= Virtual Machine Layout =

== Classification of QEMU/KVM Options (as of 0.17) ==

=== Options that Users Are Allowed to Set ===

-fda/-fdb file  use 'file' as floppy disk 0/1 image
-hda/-hdb file  use 'file' as IDE hard disk 0/1 image
-cdrom file     use 'file' as IDE cdrom image (cdrom is ide1 master)
-boot [a|c|d|n] boot on floppy (a), hard disk (c), CD-ROM (d), or network (n)
-snapshot       write to temporary files instead of disk image files
-localtime      set the real time clock to local time [default=utc]
-kernel bzImage use 'bzImage' as kernel image
-append cmdline use 'cmdline' as kernel command line
-initrd file    use 'file' as initial ramdisk
-hdachs c,h,s[,t]
                force hard disk 0 physical geometry and the optional BIOS
                translation (t=none or lba) (usually qemu can guess them)

=== Options that Users Are Not Allowed to Set ===

-m megs         set virtual RAM size to megs MB [default=128]
-nographic      disable graphical output and redirect serial I/Os to console
-win2k-hack     use it when installing Windows 2000 to avoid a disk full bug
-usb            enable the USB driver (will be the default soon)
-usbdevice name add the host or guest USB device 'name'
-net nic[,vlan=n][,macaddr=addr][,model=type]
                create a new Network Interface Card and connect it to VLAN 'n'
-net user[,vlan=n][,hostname=host]
                connect the user mode network stack to VLAN 'n' and send
                hostname 'host' to DHCP clients
-net tap[,vlan=n][,fd=h][,ifname=name][,script=file]
                connect the host TAP network interface to VLAN 'n' and use the
                network script 'file' (default=/etc/qemu-ifup);
                use 'script=no' to disable script execution;
                use 'fd=h' to connect to an already opened TAP interface
-net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port]
                connect the vlan 'n' to another VLAN using a socket connection
-net socket[,vlan=n][,fd=h][,mcast=maddr:port]
                connect the vlan 'n' to multicast maddr and port
-net none       use it alone to have zero network devices; if no -net option
                is provided, the default is '-net nic -net user'
-tftp prefix    allow tftp access to files starting with prefix [-net user]
-smb dir        allow SMB access to files in 'dir' [-net user]
-redir [tcp|udp]:host-port:[guest-host]:guest-port
                redirect TCP or UDP connections from host to guest [-net user]
-monitor dev    redirect the monitor to char device 'dev'
-vmchannel di:DI,dev
                redirect the hypercall device with device id DI, to char device 'dev'
-balloon dev    redirect the balloon hypercall device to char device 'dev'
-serial dev     redirect the serial port to char device 'dev'
-parallel dev   redirect the parallel port to char device 'dev'
-pidfile file   Write PID to 'file'

=== Options that Are Not Used ===

-M machine      select emulated machine (-M ? for list)
-hdc/-hdd file  use 'file' as IDE hard disk 2/3 image
-no-quit        disable SDL window close capability
-no-fd-bootchk  disable boot signature checking for floppy disks
-smp n          set the number of CPUs to 'n' [default=1]
-k language     use keyboard layout (for example "fr" for French)
-audio-help     print list of audio drivers and their options
-soundhw c1,... enable audio support
                and only specified sound cards (comma separated list)
                use -soundhw ? to get the list of supported cards
                use -soundhw all to enable all of them
-full-screen    start in full screen
-S              freeze CPU at startup (use 'c' to start execution)
-s              wait gdb connection to port 1234
-p port         change gdb connection port
-d item1,...    output log to /tmp/qemu.log (use -d ? for a list of log items)
-L path         set the directory for the BIOS, VGA BIOS and keymaps
-no-kvm         disable KVM hardware virtualization
-std-vga        simulate a standard VGA card with VESA Bochs Extensions
                (default is CL-GD5446 PCI VGA)
-no-acpi        disable ACPI
-no-reboot      exit instead of rebooting
-loadvm file    start right away with a saved state (loadvm in monitor)
-vnc display    start a VNC server on display
-daemonize      daemonize QEMU after initializing
-no-rtc         don't use /dev/rtc for timer alarm (do use gettimeofday)
-option-rom rom load a file, rom, into the option ROM space

=== VM ID Structure ===

=== VM Directory Structure ===

= Secure Wrapper =
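
The option classification above maps directly onto an allowlist check in the wrapper. The following is an added example, not part of the original page and not the project's wrapper: `filter_user_args`, `RejectedOption` and the per-VM image directory `vm_dir` are assumptions made for illustration.

```python
import os
import re

# Options the page classifies as user-settable -> number of arguments taken.
ALLOWED = {
    "-fda": 1, "-fdb": 1, "-hda": 1, "-hdb": 1, "-cdrom": 1,
    "-kernel": 1, "-initrd": 1, "-append": 1, "-boot": 1, "-hdachs": 1,
    "-snapshot": 0, "-localtime": 0,
}
FILE_OPTS = {"-fda", "-fdb", "-hda", "-hdb", "-cdrom", "-kernel", "-initrd"}
# Value syntax taken from the option descriptions on the page.
VALUE_RE = {
    "-boot": re.compile(r"[acdn]"),
    "-hdachs": re.compile(r"\d+,\d+,\d+(,(none|lba))?"),
}


class RejectedOption(ValueError):
    """Raised when a user-supplied argument is not permitted."""


def filter_user_args(args, vm_dir):
    """Return a validated argv fragment, or raise RejectedOption."""
    # vm_dir (assumption): the only directory this VM's images may live in.
    vm_dir = os.path.realpath(vm_dir)
    checked, it = [], iter(args)
    for opt in it:
        if opt not in ALLOWED:  # covers the "not allowed" and "not used" lists
            raise RejectedOption(f"option not user-settable: {opt!r}")
        checked.append(opt)
        if ALLOWED[opt] == 0:
            continue
        value = next(it, None)
        if value is None:
            raise RejectedOption(f"{opt} requires an argument")
        if opt in FILE_OPTS:
            # Resolve symlinks and '..'; the absolute result can neither
            # leave vm_dir nor be read by QEMU as another option.
            value = os.path.realpath(os.path.join(vm_dir, value))
            if os.path.commonpath([vm_dir, value]) != vm_dir:
                raise RejectedOption(f"{opt} path outside VM directory")
        elif opt in VALUE_RE and not VALUE_RE[opt].fullmatch(value):
            raise RejectedOption(f"bad value for {opt}: {value!r}")
        checked.append(value)
    return checked
```

The wrapper would add the administrator-controlled options (-m, -net, -monitor and so on) itself after this check. Since the path is resolved before QEMU opens it, a user who can write inside `vm_dir` could still swap in a symlink between check and open, so the directory's permissions matter as much as the filter.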