From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 1/2] Qemu: add a group kvm to access /dev/kvm eaiser Date: Thu, 16 Jun 2016 09:31:52 +0100 Message-ID: <1466065912.18263.12.camel@ipfire.org> In-Reply-To: <1465551408-1022-1-git-send-email-jonatan.schlag@ipfire.org> On Fri, 2016-06-10 at 11:36 +0200, Jonatan Schlag wrote: > As a normal user, it is not possible to use qemu with KVM. This is bad > because it is better when it is possible to start the machine with a > less privileged user. To achieve this a group KVM is created and the > access to /dev/kvm is allowed for this group. So every user in this > group can use qemu with KVM. > This change is also useful for libvirt because the VMs can be started > with user nobody and group kvm. >=20 > Signed-off-by: Jonatan Schlag > --- > =C2=A0config/qemu/65-kvm.rules=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 2= ++ > =C2=A0config/rootfiles/packages/qemu | 1 + > =C2=A0lfs/qemu=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0| 4 +++- > =C2=A0src/paks/qemu/install.sh=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 2= ++ > =C2=A04 files changed, 8 insertions(+), 1 deletion(-) > =C2=A0create mode 100644 config/qemu/65-kvm.rules >=20 > diff --git a/config/qemu/65-kvm.rules b/config/qemu/65-kvm.rules > new file mode 100644 > index 0000000..569ded9 > --- /dev/null > +++ b/config/qemu/65-kvm.rules > @@ -0,0 +1,2 @@ > +KERNEL=3D=3D"kvm", GROUP=3D"kvm", MODE=3D"0660" > +KERNEL=3D=3D"vhost-net", GROUP=3D"kvm", MODE=3D"0660", TAG+=3D"uaccess", > OPTIONS+=3D"static_node=3Dvhost-net"
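Review bot: The second rule in 65-kvm.rules changes /dev/vhost-net and adds TAG+="uaccess", and the commit message explains neither; it only describes group access to /dev/kvm. If access is meant to be limited to members of the kvm group, drop the uaccess tag, which exists to give the locally logged-in user access to a device independently of group membership, and state in the commit message why vhost-net is covered as well.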
> diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu > index 482087b..3b3f361 100644 > --- a/config/rootfiles/packages/qemu > +++ b/config/rootfiles/packages/qemu > @@ -1,3 +1,4 @@ > +lib/udev/rules.d/65-kvm.rules > =C2=A0usr/bin/qemu > =C2=A0usr/bin/qemu-arm > =C2=A0usr/bin/qemu-ga > diff --git a/lfs/qemu b/lfs/qemu > index 804ec26..c32953c 100644 > --- a/lfs/qemu > +++ b/lfs/qemu > @@ -33,7 +33,7 @@ DIR_APP=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_SRC)/$(THISAPP) > =C2=A0TARGET=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_INFO)/$(THISAPP) > =C2=A0SUP_ARCH=C2=A0=C2=A0=C2=A0=3D i586 x86_64 > =C2=A0PROG=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D qemu > -PAK_VER=C2=A0=C2=A0=C2=A0=C2=A0=3D 18 > +PAK_VER=C2=A0=C2=A0=C2=A0=C2=A0=3D 19 > =C2=A0 > =C2=A0DEPS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D "sdl spice" > =C2=A0 > @@ -95,6 +95,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > =C2=A0 paxctl -m -r /usr/bin/qemu-arm > =C2=A0 paxctl -m -r /usr/bin/qemu-i386 > =C2=A0 paxctl -m -r /usr/bin/qemu-x86_64 > + # install an udev script to set the permissions of /dev/kvm > + cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65- > kvm.rules > =C2=A0 > =C2=A0 @rm -rf $(DIR_APP) > =C2=A0 @$(POSTBUILD) > diff --git a/src/paks/qemu/install.sh b/src/paks/qemu/install.sh > index a9f7321..9afe7f9 100644 > --- a/src/paks/qemu/install.sh > +++ b/src/paks/qemu/install.sh 
> @@ -22,6 +22,8 @@ > =C2=A0#####################################################################= ####### > =C2=A0# > =C2=A0. /opt/pakfire/lib/functions.sh > +create the group kvm when they not exist The line above should be a comment... > +getent group kvm >/dev/null || groupadd kvm > =C2=A0extract_files > =C2=A0restore_backup ${NAME} > =C2=A0echo shm /dev/shm tmpfs defaults,size=3D256M 0=09 > 0 >> /etc/fstab
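Review bot: In the lfs/qemu hunk the rules file is copied with cp -avf, so whatever mode and ownership it has in the source checkout ends up in /lib/udev/rules.d. Installing it with an explicit mode, for example install -v -m 644 in place of cp -avf, makes the packaged file independent of the build tree. The added comment could also say "udev rule" rather than "udev script", since the file contains no executable code.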
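Review bot: Nothing after extract_files in the install.sh hunk makes udev apply the new rule, so on a system where the kvm module is already loaded /dev/kvm keeps its current group and mode until the next boot. Consider re-triggering the device once the files are extracted (for example with udevadm trigger), and creating the group with groupadd -r kvm so it is allocated as a system group rather than from the regular user GID range. The added description line also needs a leading # as already pointed out, otherwise the shell will try to run it as a command.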