Default permissions on /dev/kvm

Re: https://bugzilla.redhat.com/show_bug.cgi?id=1431876 Currently if you install a minimal-ish, non-"Virtualization Host" Fedora, then the permissions on the /dev/kvm device are: crw-------. 1 root root 10, 232 Mar 14 15:51 /dev/kvm (I believe this is because of some kernel defaults for the device. In any case there seems to be no base install udev rule which applies a `MODE=' line explicitly for /dev/kvm). There mere act of installing the qemu package adds a new udev rule which changes the permissions: [root@rawhide ~]# ll /dev/kvm crw-------. 1 root root 10, 232 Mar 14 15:51 /dev/kvm [root@rawhide ~]# dnf -y install qemu-system-x86 //... [root@rawhide ~]# ll /dev/kvm crw-rw-rw-. 1 root root 10, 232 Mar 14 15:51 /dev/kvm I don't have a problem with any of that and I'm not saying that the permissions should be more restrictive, but for balance I will note that in Debian /dev/kvm is more restrictive (see comment in the bug above). The problem raised in the bug above is that with containers people will wish to install qemu or libvirt or other tools inside the containers, but not necessarily have qemu installed on the host. In that case, they will always see /dev/kvm with mode 0600, ie. generally unusable for them. Should we include the qemu udev rule [to make /dev/kvm 0666] in the base RHEL install? Or something else? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html