This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 96aeacd808bbde03997e7d699bed16605095c8a8 (commit) via 5cc7ae0926454f93998f7c25b931dae7eec0539d (commit) from 1dd61e0594e92155642039d3229e1505f8aea937 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 96aeacd808bbde03997e7d699bed16605095c8a8 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jun 17 13:06:41 2016 +0200
Change the default qemu user and group of libvirt
Changes the libvirt user to nobody and the group to kvm this is a bit safer as to use root for both.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5cc7ae0926454f93998f7c25b931dae7eec0539d Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jun 17 13:06:40 2016 +0200
Qemu: add a group kvm to access /dev/kvm eaiser
As a normal user, it is not possible to use qemu with KVM. This is bad because it is better when it is possible to start the machine with a less privileged user. To achieve this a group KVM is created and the access to /dev/kvm is allowed for this group. So every user in this group can use qemu with KVM. This change is also useful for libvirt because the VMs can be started with user nobody and group kvm.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/qemu/65-kvm.rules | 2 ++ config/rootfiles/packages/qemu | 1 + lfs/libvirt | 3 ++- lfs/qemu | 4 +++- src/paks/qemu/install.sh | 2 ++ 5 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 config/qemu/65-kvm.rules
Difference in files: diff --git a/config/qemu/65-kvm.rules b/config/qemu/65-kvm.rules new file mode 100644 index 0000000..569ded9 --- /dev/null +++ b/config/qemu/65-kvm.rules @@ -0,0 +1,2 @@ +KERNEL=="kvm", GROUP="kvm", MODE="0660" +KERNEL=="vhost-net", GROUP="kvm", MODE="0660", TAG+="uaccess", OPTIONS+="static_node=vhost-net" diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index 482087b..3b3f361 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -1,3 +1,4 @@ +lib/udev/rules.d/65-kvm.rules usr/bin/qemu usr/bin/qemu-arm usr/bin/qemu-ga diff --git a/lfs/libvirt b/lfs/libvirt index 3c7413f..5af28cb 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 2 +PAK_VER = 3
DEPS = "libpciaccess libyajl ncat qemu"
@@ -84,6 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \ --without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \ --disable-nls --without-avahi --without-test-suite -without-dbus \ + --with-qemu-user=nobody --with-qemu-group=kvm \ --with-storage-dir --without-storage-fs --without-storage-lvm --without-storage-iscsi \ --without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) diff --git a/lfs/qemu b/lfs/qemu index 804ec26..c32953c 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 18 +PAK_VER = 19
DEPS = "sdl spice"
@@ -95,6 +95,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) paxctl -m -r /usr/bin/qemu-arm paxctl -m -r /usr/bin/qemu-i386 paxctl -m -r /usr/bin/qemu-x86_64 + # install an udev script to set the permissions of /dev/kvm + cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
@rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/paks/qemu/install.sh b/src/paks/qemu/install.sh index a9f7321..e44ba5e 100644 --- a/src/paks/qemu/install.sh +++ b/src/paks/qemu/install.sh @@ -22,6 +22,8 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +#create the group kvm when they not exist +getent group kvm >/dev/null || groupadd kvm extract_files restore_backup ${NAME} echo shm /dev/shm tmpfs defaults,size=256M 0 0 >> /etc/fstab
hooks/post-receive -- IPFire 2.x development tree