Bug#892945: Cannot start domain using user session
Michael Biebl
biebl at debian.org
Mon Jul 23 10:00:56 BST 2018
Control: retitle -1 Please drop 60-qemu-system-common.rules
Control: tags -1 + patch
On 23.07.2018 at 09:08, Guido Günther wrote:
> Hi,
> On Tue, Jul 10, 2018 at 12:06:13AM +0200, Michael Biebl wrote:
>> On 09.07.2018 at 20:37, Ben Hutchings wrote:
>>
>>> It is fairly mature, but it still has a large attack surface and
>>> occasional security issues that can be exploited by the VM owner. So I
>>> think it makes sense to restrict access to the kvm group and local
>>> logins. This should mitigate the security issues on multiuser systems
>>> without too much disruption.
>>
>> Ok, let's go with 0660 (root:kvm) + uaccess then
>> I'll include that in the next upload of udev.
>
> Thanks a lot! This makes it a lot simpler for users to run qemu:///session.
This has happened in systemd/udev 239-6 [1].
It should now be safe to drop
/lib/udev/rules.d/60-qemu-system-common.rules and the creation of the
kvm system group from qemu-system-common.postinst. So retitling the bug
report accordingly.
Please consider applying the attached patch in one of your next uploads.
Regards,
Michael
[1] https://salsa.debian.org/systemd-team/systemd/commit/4fc3fa53bfa6e16ceb6cd312f49003839b56144a
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Drop-60-qemu-system-common.rules-and-postinst-which-.patch
Type: text/x-patch
Size: 1728 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180723/a75ee3dc/attachment-0002.bin>
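An added example, not part of this message or of the attached patch: a shell audit for the state the thread settles on, namely /dev/kvm as 0660 root:kvm, the uaccess tag on the device, and no leftover 60-qemu-system-common.rules. The function names are hypothetical; it assumes GNU stat and that `udevadm info --query=property` lists device tags in a `TAGS=` line.

```shell
#!/bin/sh
# Added example: audit a host against the /dev/kvm policy agreed in the thread.
LEGACY_RULE="lib/udev/rules.d/60-qemu-system-common.rules"  # path named in the thread

# check_node MODE OWNER GROUP: compare `stat -c '%a %U %G'` fields with 0660 root:kvm.
check_node() {
    node_rc=0
    case $1 in
        660) ;;
        *[1-7]) echo "FAIL: mode $1 grants access to 'other'"; node_rc=1 ;;
        *) echo "WARN: mode $1 differs from 660"; node_rc=1 ;;
    esac
    [ "$2" = root ] || { echo "FAIL: owner is $2, expected root"; node_rc=1; }
    [ "$3" = kvm ] || { echo "FAIL: group is $3, expected kvm"; node_rc=1; }
    return $node_rc
}

# has_uaccess: read `udevadm info --query=property` output on stdin and
# succeed if the device carries the uaccess tag (TAGS=:...:uaccess:...).
has_uaccess() {
    grep -Eq '^TAGS=.*:uaccess:'
}

# legacy_rule_present ROOT: succeed if the rules file still exists under ROOT.
legacy_rule_present() {
    [ -e "${1%/}/$LEGACY_RULE" ]
}

# audit_host: run all three checks on the live system; returns 2 if there
# is no /dev/kvm to inspect, 1 on any finding, 0 if everything matches.
audit_host() {
    rc=0
    [ -e /dev/kvm ] || { echo "SKIP: /dev/kvm not present"; return 2; }
    # shellcheck disable=SC2046  # word splitting of the three fields is intended
    set -- $(stat -c '%a %U %G' /dev/kvm)
    check_node "$1" "$2" "$3" || rc=1
    udevadm info --query=property --name=/dev/kvm | has_uaccess \
        || { echo "FAIL: no uaccess tag on /dev/kvm"; rc=1; }
    if legacy_rule_present /; then
        echo "FAIL: /$LEGACY_RULE still installed"; rc=1
    fi
    return $rc
}
```

Call `audit_host` on the machine being checked; the other functions take their input as arguments or on stdin, so they can be run against collected output from other hosts.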