Bug#887852: /dev/kvm is no longer accessible to local users

Alexander Kurtz alexander at kurtz.be
Tue Jan 23 22:38:10 GMT 2018


On Mon, 2018-01-22 at 17:50 +0100, Michael Biebl wrote:
> On Sat, 20 Jan 2018 18:21:33 +0100 Alexander Kurtz <alexander at kurtz.be> wrote:
> > Package: systemd
> > Version: 236-3
> > 
> > Hi!
> > 
> > Until recently, /dev/kvm was made accessible to local users by this
> > line in /lib/udev/rules.d/70-uaccess.rules:
> > 
> > 	# KVM
> > 	SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"
> > 
> > However, as of systemd 236, the above rule seems to be gone. After
> > reading up a bit on systemd's upstream and Debian bug tracker, I'm even
> > more confused than before: Which package is supposed to manage
> > permissions on /dev/kvm in Debian? Which package is supposed to create
> > the "kvm" group? Is the missing access for local users intentional?
> 
> Isn't this setup by the qemu package in
> /lib/udev/rules.d/60-qemu-system-common.rules:KERNEL=="kvm",
> GROUP="kvm", MODE="0660"

Yes, but only partially: This is the full rule shipped by QEMU:

	$ cat /lib/udev/rules.d/60-qemu-system-common.rules 
	KERNEL=="kvm", GROUP="kvm", MODE="0660"
	$ 

This rule only manages the basic group ownership and permissions. It
does not add the "uaccess" tag, which is (presumably) used by logind to
dynamically grant local users access via ACLs. This used to work before
with systemd <236 and doesn't work now. Is this intentional?

Best regards

Alexander Kurtz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180123/280ce770/attachment-0002.sig>


More information about the Pkg-systemd-maintainers mailing list