Re:
https://bugzilla.redhat.com/show_bug.cgi?id=1431876
Currently if you install a minimal-ish, non-"Virtualization Host"
Fedora, then the permissions on the /dev/kvm device are:

  crw-------. 1 root root 10, 232 Mar 14 15:51 /dev/kvm

(I believe this is because of some kernel defaults for the device. In
any case there seems to be no base install udev rule which applies a
`MODE=' line explicitly for /dev/kvm).

The mere act of installing the qemu package adds a new udev rule
which changes the permissions:

  [root@rawhide ~]# ll /dev/kvm
  crw-------. 1 root root 10, 232 Mar 14 15:51 /dev/kvm
  [root@rawhide ~]# dnf -y install qemu-system-x86
  //...
  [root@rawhide ~]# ll /dev/kvm
  crw-rw-rw-. 1 root root 10, 232 Mar 14 15:51 /dev/kvm

I don't have a problem with any of that and I'm not saying that the
permissions should be more restrictive, but for balance I will note
that in Debian /dev/kvm is more restrictive (see comment in the bug
above).

The problem raised in the bug above is that with containers people
will wish to install qemu or libvirt or other tools inside the
containers, but not necessarily have qemu installed on the host. In
that case, they will always see /dev/kvm with mode 0600, i.e. generally
unusable for them.

Should we include the qemu udev rule [to make /dev/kvm 0666] in the
base RHEL install? Or something else?

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
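
An added example, not part of the original message or of any package discussed in it: a shell function that reports which udev rule file decides the MODE of /dev/kvm across a set of rule directories, plus a check for the world-writable bit. The function names, directory layout and sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints "<mode> <rule file>" for the udev rule that decides
# the MODE of /dev/kvm, or nothing when no rule assigns one.
# Arguments: rule directories, highest priority first (a file in an earlier
# directory masks a same-named file in a later one).
# Simplifications: only lines containing KERNEL=="kvm" are read, GOTO/LABEL
# flow is ignored, and file names are assumed to contain no whitespace.
kvm_rule_mode() {
    for d in "$@"; do
        for f in "$d"/*.rules; do
            [ -f "$f" ] && printf '%s %s\n' "${f##*/}" "$f"
        done
    done |
    awk '!seen[$1]++' |       # keep the highest-priority copy of each name
    LC_ALL=C sort -k1,1 |     # rule files are read in lexical order of name
    while read -r name path; do
        # Drop comment lines; emit "<operator> <mode>" per MODE assignment.
        sed -n -e '/^[[:space:]]*#/d' \
            -e '/KERNEL=="kvm"/s/.*MODE\(:\{0,1\}=\)"\([0-7][0-7]*\)".*/\1 \2/p' \
            "$path" |
        while read -r op mode; do printf '%s %s %s\n' "$op" "$mode" "$name"; done
    done |
    # ":=" is a final assignment; otherwise the last "=" assignment wins.
    awk '$1 == ":=" { print $2, $3; final = 1; exit }
         { last = $2 " " $3 }
         END { if (!final && last != "") print last }'
}

# True when the "other" write bit is set in an octal mode string such as 0666.
mode_other_writable() { [ $(( 0$1 & 2 )) -ne 0 ]; }

# Constructed sample rules in a scratch directory (not taken from any package).
demo=$(mktemp -d)
mkdir "$demo/etc" "$demo/lib"
printf '%s\n' 'KERNEL=="kvm", MODE="0666"' > "$demo/lib/80-sample-kvm.rules"
printf '%s\n' 'KERNEL=="kvm", MODE="0660"' > "$demo/etc/90-local-kvm.rules"
result=$(kvm_rule_mode "$demo/etc" "$demo/lib")
rm -rf "$demo"
echo "deciding rule: ${result:-none, the device keeps its default mode}"
if mode_other_writable "${result%% *}"; then echo "world-writable"; fi
```

On a real host the arguments would be the system's udev rule directories, listed with the administrator-controlled directory first.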