docs: Update description of 'user=username' for '-run-with'

The description of '-runas' and '-run-with' didn't explain that QEMU will use setuid/setgid to implement the option, so the user might get confused if using 'elevateprivileges=deny' as well. Since '-runas' is going to be deprecated and replaced by '-run-with' in the coming qemu9.1, add the message there. Signed-off-by: Boqiao Fu <bfu@redhat.com> Link: https://lore.kernel.org/r/CAFRHJ6J9uMk+HMZL+W+KE1yoRCOLPgbPUVVDku55sdXYiGXXHg@mail.gmail.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Boqiao Fu <bfu@redhat.com> 2024-07-15 17:04:32 +0800
committer: Paolo Bonzini <pbonzini@redhat.com> 2024-07-16 18:18:24 +0200
commit: de12ebfdabe224597f624827ad57348b83e7d88a (patch)
tree: 85f54c3ef6119f93cc02ec9e481fcd6723185d31 /qemu-options.hx
parent: d16ccfea238e51a17650c6e32f7c4a1e43cfaa09 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/qemu-options.hx b/qemu-options.hx
index ad6521ef5e..694fa37f28 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5024,8 +5024,11 @@ SRST
     in combination with -runas.
 
     ``user=username`` or ``user=uid:gid`` can be used to drop root privileges
-    by switching to the specified user (via username) or user and group
-    (via uid:gid) immediately before starting guest execution.
+    before starting guest execution. QEMU will use the ``setuid`` and ``setgid``
+    system calls to switch to the specified identity.  Note that the
+    ``user=username`` syntax will also apply the full set of supplementary
+    groups for the user, whereas the ``user=uid:gid`` will use only the
+    ``gid`` group.
 ERST
 #endif
author	Boqiao Fu <bfu@redhat.com>	2024-07-15 17:04:32 +0800
committer	Paolo Bonzini <pbonzini@redhat.com>	2024-07-16 18:18:24 +0200
commit	de12ebfdabe224597f624827ad57348b83e7d88a (patch)
tree	85f54c3ef6119f93cc02ec9e481fcd6723185d31 /qemu-options.hx
parent	d16ccfea238e51a17650c6e32f7c4a1e43cfaa09 (diff)