tags 640328 + wontfix thanks On 04.09.2011 15:16, Geoffrey Thomas wrote: > Package: qemu-kvm > Version: 0.14.1+dfsg-4 > Severity: wishlist > > Hi, > > It would be nice if /dev/kvm were world-accessible, so that unprivileged > users could use hardware virtualization features without needing to be added > to the kvm group in advance by a system administrator.
With the amount of past security issues with in-kernel kvm module this wont happen in a reasonable future. This has been discussed previously, mode 0666 has been proposed initially but given up later. You can surely override this conffile locally on any machine you set up. [] > See also "We have already reserved a group called 'kvm' in the setup package, > so no need for yet another called 'vm'. The /dev/kvm should be chgrp kvm by > default. That said I agree with Mark that it'd be desirable to also make it > possible to just any normal user access to /dev/kvm out of the box, so > libvirt's per-user qemu:///session connection can be used" from > https://bugzilla.redhat.com/show_bug.cgi?id=481260 . > I'm working on a software package that would benefit from unprivileged remote > users being able to access kvm, so this change would be beneficial to me. It > sounds from the above text that this would also make using libvirt easier. I think maybe in squeeze+1 we can think about it more, that time in qemu package (since qemu-kvm most likely wont be present in wheezy being merged into qemu proper fully). /mjt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
