[Bug 1103022] Re: 70-udev-acl.rules needs to put g+rw on /dev/kvm
Serge Hallyn
1103022 at bugs.launchpad.net
Tue Jan 29 06:22:55 UTC 2013
I'm assuming (hoping) comment #2 as entered before we proceeded with our
irc conversation?
The 40-qemu-system.rules is not the problem and we're not trying to recover from it.
As mentioned in irc, the steps are:
1. set up a new ubuntu system, it modprobes kvm_intel, /dev/kvm gets created,
2. 70-udev-acl.rules sets /dev/kvm to root:root rwx------, and tags it with acl
3. user logs in, something (consolekit?) adds a group::--- acl
4. admin logs in remotely, installs qemu-system and libvirt-bin, which triggers udev with new rules,
5. udev chowns /dev/kvm to root:kvm, and sets it to rwxrw----, but the group::--- acl remains
6. libvirt tries to start a vm as group kvm, but the group:--- acl refuses it
The patch I proposed here simply sets GROUP=0660 in the 70-udev-
acl.rules. That way the group:: acl still gets added on login, but
becomes group::rw-. So it's a workaround for whatever is adding that
acl in the first place.
As discussed on irc, I'll see if I can figure out what exactly is causing that
group acl to be (needlessly) written.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to udev in Ubuntu.
https://bugs.launchpad.net/bugs/1103022
Title:
70-udev-acl.rules needs to put g+rw on /dev/kvm
Status in “udev” package in Ubuntu:
Confirmed
Bug description:
When qemu-system gets installed, the newly installed udev rule causes
/dev/kvm to gets chgrpd to kvm and its mode to get set to g+rw.
However, because /dev/kvm was tagged with ACL previously, there is a
group:: acl on /dev/kvm which does not get removed. Therefore
/dev/kvm is g+rw in the file mode, but the acl denies group read/write
access. After a reboot all is fine.
I have not seen a clean way to have udev remove that acl, and there is
no reason for it. So please update the 70-udev-acl.rules file to set
MODE=0660 on /dev/kvm
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udev/+bug/1103022/+subscriptions
More information about the foundations-bugs
mailing list