/dev/kvm permissions

/dev/kvm permissions

[Baruch Even]

Hello,

What do peoples do/think about the permissions for /dev/kvm?

I'm the maintainer for the Debian package and currently the package uses 
a group to control access, for no good reason really. I've seen that 
kqemu in Debian simply uses 0666 permissions and consider doing the same 
for kvm. I wanted to know what others do in other distributions and what 
others think the permissions should be.

Thanks,
Baruch

p.s. Please cc me as I'm not subscribed to kvm-devel. Thanks.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Re: /dev/kvm permissions

[Avi Kivity]

Baruch Even wrote:
> Hello,
>
> What do peoples do/think about the permissions for /dev/kvm?
>
> I'm the maintainer for the Debian package and currently the package uses 
> a group to control access, for no good reason really. I've seen that 
> kqemu in Debian simply uses 0666 permissions and consider doing the same 
> for kvm. I wanted to know what others do in other distributions and what 
> others think the permissions should be.
>
>   

I recommend 0660, and setting /dev/kvm's group to 'kvm'.  Users which
need access to kvm can be added to that group.

A udev rule which does this is available in the scripts/ directory in
kvm-userspace.git (not sure if it is packaged).

When kvm stops locking so much memory, I guess this can be relaxed.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Re: /dev/kvm permissions

[Baruch Even]

Avi Kivity wrote:
> Baruch Even wrote:
>> Hello,
>>
>> What do peoples do/think about the permissions for /dev/kvm?
>>
>> I'm the maintainer for the Debian package and currently the package uses 
>> a group to control access, for no good reason really. I've seen that 
>> kqemu in Debian simply uses 0666 permissions and consider doing the same 
>> for kvm. I wanted to know what others do in other distributions and what 
>> others think the permissions should be.
>>
>>   
> 
> I recommend 0660, and setting /dev/kvm's group to 'kvm'.  Users which
> need access to kvm can be added to that group.

OK. This is what happens right now.

> When kvm stops locking so much memory, I guess this can be relaxed.

OK. It would be nice if you notify when you think this change is a good 
idea. Relaxing access will make kvm easier to use which is always a good 
thing.

Baruch

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/