Bug#892945: Cannot start domain using user session

Control: retitle -1 Please drop 60-qemu-system-common.rules Control: tags -1 + patch Am 23.07.2018 um 09:08 schrieb Guido Günther: > Hi, > On Tue, Jul 10, 2018 at 12:06:13AM +0200, Michael Biebl wrote: >> Am 09.07.2018 um 20:37 schrieb Ben Hutchings: >> >>> It is fairly mature, but it still has a

Bug#892945: Cannot start domain using user session

Hi, On Tue, Jul 10, 2018 at 12:06:13AM +0200, Michael Biebl wrote: > Am 09.07.2018 um 20:37 schrieb Ben Hutchings: > > > It is fairly mature, but it still has a large attack surface and > > occasional security issues that can be exploited by the VM owner. So I > > think it make sense to restrict

Bug#892945: Cannot start domain using user session

Am 09.07.2018 um 20:37 schrieb Ben Hutchings: > It is fairly mature, but it still has a large attack surface and > occasional security issues that can be exploited by the VM owner. So I > think it make sense to restrict access to the kvm group and local > logins. This should mitigate the

Bug#892945: Cannot start domain using user session

On Mon, 2018-07-09 at 13:06 +0200, Michael Biebl wrote: > Am 09.07.2018 um 08:32 schrieb Guido Günther: > > Hi Michael, > > On Mon, Jul 09, 2018 at 01:30:16AM +0200, Michael Biebl wrote: > > > Related to that is > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887852 > > > > > > systemd

Bug#892945: Cannot start domain using user session

Am 09.07.2018 um 08:32 schrieb Guido Günther: > Hi Michael, > On Mon, Jul 09, 2018 at 01:30:16AM +0200, Michael Biebl wrote: >> Related to that is >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887852 >> >> systemd upstream removed the uaccess bits, as they install /dev/kvm with >> 0666

Bug#892945: Cannot start domain using user session

Hi Michael, On Mon, Jul 09, 2018 at 01:30:16AM +0200, Michael Biebl wrote: > Related to that is > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887852 > > systemd upstream removed the uaccess bits, as they install /dev/kvm with > 0666 permissions by default, claiming this would be safe

Bug#892945: Cannot start domain using user session

Related to that is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887852 systemd upstream removed the uaccess bits, as they install /dev/kvm with 0666 permissions by default, claiming this would be safe nowadays. See https://github.com/systemd/systemd/pull/5597

Bug#892945: [Pkg-libvirt-maintainers] Bug#892945: Cannot start domain using user session

On Thu, Mar 15, 2018 at 12:34:33AM +0100, Laurent Bigonville wrote: > reassign 892945 qemu-system-common 1:2.11+dfsg-1 > thanks > > On Wed, 14 Mar 2018 22:37:14 +0100 Guido =?iso-8859-1?Q?G=FCnther?= > wrote: > > On Wed, Mar 14, 2018 at 08:42:32PM +0100, Laurent Bigonville

Bug#892945: [Pkg-libvirt-maintainers] Bug#892945: Cannot start domain using user session

reassign 892945 qemu-system-common 1:2.11+dfsg-1 thanks On Wed, 14 Mar 2018 22:37:14 +0100 Guido =?iso-8859-1?Q?G=FCnther?= wrote: > On Wed, Mar 14, 2018 at 08:42:32PM +0100, Laurent Bigonville wrote: > > Hi, > > > > OK I got confused. polkit and the libvirt group has

Bug#892945: [Pkg-libvirt-maintainers] Bug#892945: Cannot start domain using user session

On Wed, Mar 14, 2018 at 08:42:32PM +0100, Laurent Bigonville wrote: > Source: libvirt > Followup-For: Bug #892945 > > Hi, > > OK I got confused. polkit and the libvirt group has noththing to do with > that. > > It's happening because of the permissions on the /dev/kvm device. > > Would it be

Bug#892945: Cannot start domain using user session

Source: libvirt Followup-For: Bug #892945 Hi, OK I got confused. polkit and the libvirt group has noththing to do with that. It's happening because of the permissions on the /dev/kvm device. Would it be an option to tag /dev/kvm with uaccess? So users that are logged in have access to it by

Bug#892945: Cannot start domain using user session

Package: libvirt-daemon Version: 4.0.0-2 Severity: serious Hi, I cannot start a domain using a libvirt user session. I'm getting the following message: Impossible de terminer l’installation : « internal error: process exited while connecting to monitor: Could not access KVM kernel module: