Cannot start domain using user session
Michael Biebl
biebl at debian.org
Mon Jul 9 23:06:13 BST 2018
Am 09.07.2018 um 20:37 schrieb Ben Hutchings:
> It is fairly mature, but it still has a large attack surface and
> occasional security issues that can be exploited by the VM owner. So I
> think it make sense to restrict access to the kvm group and local
> logins. This should mitigate the security issues on multiuser systems
> without too much disruption.
Ok, let's go with 0660 (root:kvm) + uaccess then
I'll include that in the next upload of udev.
Michael, feel free to drop
/lib/udev/rules.d/60-qemu-system-common.rules in a future upload of qemu
along with the creation of the kvm group from
qemu-system-common.postinst so we only have a single place (i.e. udev)
where the device permissions of /dev/kvm are setup.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180710/58187480/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list