[v2,1/2] Qemu: add a group kvm to access /dev/kvm eaiser
Message ID | 1466161601-702-1-git-send-email-jonatan.schlag@ipfire.org |
---|---|
State | Accepted |
Commit | 5cc7ae0926454f93998f7c25b931dae7eec0539d |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (hedwig.ipfire.org [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id EE1F561C25 for <patchwork@ipfire.org>; Fri, 17 Jun 2016 12:57:22 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 5C0DBC2C; Fri, 17 Jun 2016 12:57:22 +0200 (CEST) Received: from fangorn.local.familyschlag (dslb-088-073-213-060.088.073.pools.vodafone-ip.de [88.73.213.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id E0541C09; Fri, 17 Jun 2016 12:57:20 +0200 (CEST) From: Jonatan Schlag <jonatan.schlag@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH v2 1/2] Qemu: add a group kvm to access /dev/kvm eaiser Date: Fri, 17 Jun 2016 13:06:40 +0200 Message-Id: <1466161601-702-1-git-send-email-jonatan.schlag@ipfire.org> X-Mailer: git-send-email 2.1.4 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Jonatan Schlag
June 17, 2016, 9:06 p.m. UTC
As a normal user, it is not possible to use qemu with KVM. This is bad
because it is better when it is possible to start the machine with a
less privileged user. To achieve this a group KVM is created and the
access to /dev/kvm is allowed for this group. So every user in this
group can use qemu with KVM.
This change is also useful for libvirt because the VMs can be started
with user nobody and group kvm.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
---
config/qemu/65-kvm.rules | 2 ++
config/rootfiles/packages/qemu | 1 +
lfs/qemu | 4 +++-
src/paks/qemu/install.sh | 2 ++
4 files changed, 8 insertions(+), 1 deletion(-)
create mode 100644 config/qemu/65-kvm.rules