Package: qemu-kvm
Version: 0.14.1+dfsg-4
Severity: wishlist
Hi,
It would be nice if /dev/kvm were world-accessible, so that unprivileged
users could use hardware virtualization features without needing to be
added to the kvm group in advance by a system administrator.
Currently the following rule is in place:
geofft@leveret:/lib/udev/rules.d$ cat 60-qemu-kvm.rules
KERNEL=="kvm", GROUP="kvm", MODE="0660"
I'd like that to be changed to mode 0666. Fedora has decided that this is
okay in terms of security, and that this is a useful change to be made. On
my Fedora 15 box, the following rule is in place:
busy-beaver:/etc/udev/rules.d geofft$ less 80-kvm.rules
KERNEL=="kvm", GROUP="kvm", MODE="0666"
(I don't understand why it's in /etc, but it is in fact packaged in
qemu-system-x86-0.14.0-7.)
See also "We have already reserved a group called 'kvm' in the setup
package, so no need for yet another called 'vm'. The /dev/kvm should be
chgrp kvm by default. That said I agree with Mark that it'd be desirable
to also make it possible to just any normal user access to /dev/kvm out of
the box, so libvirt's per-user qemu:///session connection can be used"
from https://bugzilla.redhat.com/show_bug.cgi?id=481260 .
I'm working on a software package that would benefit from unprivileged
remote users being able to access kvm, so this change would be beneficial
to me. It sounds from the above text that this would also make using
libvirt easier.
Thanks,
--
Geoffrey Thomas
[email protected]
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
