Cannot start domain using user session

Michael Biebl biebl at debian.org
Mon Jul 9 23:06:13 BST 2018


Am 09.07.2018 um 20:37 schrieb Ben Hutchings:

> It is fairly mature, but it still has a large attack surface and
> occasional security issues that can be exploited by the VM owner.  So I
> think it make sense to restrict access to the kvm group and local
> logins.  This should mitigate the security issues on multiuser systems
> without too much disruption.

Ok, let's go with 0660 (root:kvm) + uaccess then
I'll include that in the next upload of udev.

Michael, feel free to drop
/lib/udev/rules.d/60-qemu-system-common.rules in a future upload of qemu
along with the creation of the kvm group from
qemu-system-common.postinst so we only have a single place (i.e. udev)
where the device permissions of /dev/kvm are setup.

Regards,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180710/58187480/attachment-0002.sig>


More information about the Pkg-systemd-maintainers mailing list