Bug#892945: Cannot start domain using user session

Michael Biebl biebl at debian.org
Mon Jul 23 10:00:56 BST 2018


Control: retitle -1 Please drop 60-qemu-system-common.rules
Control: tags -1 + patch

On 23.07.2018 at 09:08, Guido Günther wrote:
> Hi,
> On Tue, Jul 10, 2018 at 12:06:13AM +0200, Michael Biebl wrote:
>> On 09.07.2018 at 20:37, Ben Hutchings wrote:
>>
>>> It is fairly mature, but it still has a large attack surface and
>>> occasional security issues that can be exploited by the VM owner.  So I
>>> think it makes sense to restrict access to the kvm group and local
>>> logins.  This should mitigate the security issues on multiuser systems
>>> without too much disruption.
>>
>> Ok, let's go with 0660 (root:kvm) + uaccess then.
>> I'll include that in the next upload of udev.
> 
> Thanks a lot! This makes it a lot simpler for users to run qemu:///session.

This has happened in systemd/udev 239-6 [1].

It should now be safe to drop
/lib/udev/rules.d/60-qemu-system-common.rules and the creation of the
kvm system group from qemu-system-common.postinst. So retitling the bug
report accordingly.
Please consider applying the attached patch in one of your next uploads.


Regards,
Michael

[1] https://salsa.debian.org/systemd-team/systemd/commit/4fc3fa53bfa6e16ceb6cd312f49003839b56144a




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Drop-60-qemu-system-common.rules-and-postinst-which-.patch
Type: text/x-patch
Size: 1728 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180723/a75ee3dc/attachment-0002.bin>