Cannot start domain using user session

Guido Günther agx at sigxcpu.org
Mon Jul 9 07:32:14 BST 2018


Hi Michael,
On Mon, Jul 09, 2018 at 01:30:16AM +0200, Michael Biebl wrote:
> Related to that is
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887852
> 
> systemd upstream removed the uaccess bits, as they install /dev/kvm with
> 0666 permissions by default, claiming this would be safe nowadays.
> 
> See
> https://github.com/systemd/systemd/pull/5597
> https://github.com/systemd/systemd/commit/b8fd3d82205f632ce001fade74fed287e1564a1a
> 
> I think long term it would be best if the udev package sets up the
> correct permissions for /dev/kvm, the question is whether we follow the
> upstream default and make /dev/kvm 0666 or we choose 0640 (root:kvm) and
> revert the bits from b8fd3d82205f632ce001fade74fed287e1564a1a to re-add
> the uaccess tag.

Yes, it'd be good to have correct permissions out of the box. Lots of
people don't know they need the kvm group for the user session - so 0640
wouldn't help the cause.
However, given the hardening that is currently going on in the kernel to
restrict user access to e.g. dmesg it'd actually be nicer to not
have 0666. But if uaccess goes away it looks like the only way (if we
don't want to maintain the uaccess code).
Cheers,
 -- Guido




More information about the Pkg-systemd-maintainers mailing list