public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 96aeacd808bbde03997e7d699bed16605095c8a8
@ 2016-06-20 15:26 git
From: git @ 2016-06-20 15:26 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 5169 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  96aeacd808bbde03997e7d699bed16605095c8a8 (commit)
       via  5cc7ae0926454f93998f7c25b931dae7eec0539d (commit)
      from  1dd61e0594e92155642039d3229e1505f8aea937 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 96aeacd808bbde03997e7d699bed16605095c8a8
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date:   Fri Jun 17 13:06:41 2016 +0200

    Change the default qemu user and group of libvirt
    
    Changes the libvirt user to nobody and the group to kvm. This is a bit
    safer than using root for both.
    
    Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 5cc7ae0926454f93998f7c25b931dae7eec0539d
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date:   Fri Jun 17 13:06:40 2016 +0200

    Qemu: add a group kvm to access /dev/kvm easier
    
    As a normal user, it is not possible to use qemu with KVM. This is bad
    because it is better when it is possible to start the machine with a
    less privileged user. To achieve this a group KVM is created and the
    access to /dev/kvm is allowed for this group. So every user in this
    group can use qemu with KVM.
    This change is also useful for libvirt because the VMs can be started
    with user nobody and group kvm.
    
    Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/qemu/65-kvm.rules       | 2 ++
 config/rootfiles/packages/qemu | 1 +
 lfs/libvirt                    | 3 ++-
 lfs/qemu                       | 4 +++-
 src/paks/qemu/install.sh       | 2 ++
 5 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 config/qemu/65-kvm.rules

Difference in files:
diff --git a/config/qemu/65-kvm.rules b/config/qemu/65-kvm.rules
new file mode 100644
index 0000000..569ded9
--- /dev/null
+++ b/config/qemu/65-kvm.rules
@@ -0,0 +1,2 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", TAG+="uaccess", OPTIONS+="static_node=vhost-net"
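Review bot: the vhost-net rule adds TAG+="uaccess", which the kvm rule on the line above does not carry and which the commit message does not mention. Where a login manager honours that tag, the device is granted to whoever holds the active local session regardless of kvm group membership, which is wider than the stated goal of group-based access. Drop the tag or explain in the commit message why vhost-net needs it; a one-line comment in the rules file on why static_node=vhost-net is set would also help.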
diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu
index 482087b..3b3f361 100644
--- a/config/rootfiles/packages/qemu
+++ b/config/rootfiles/packages/qemu
@@ -1,3 +1,4 @@
+lib/udev/rules.d/65-kvm.rules
 usr/bin/qemu
 usr/bin/qemu-arm
 usr/bin/qemu-ga
diff --git a/lfs/libvirt b/lfs/libvirt
index 3c7413f..5af28cb 100644
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 SUP_ARCH   = i586 x86_64
 PROG       = libvirt
-PAK_VER    = 2
+PAK_VER    = 3
 
 DEPS       = "libpciaccess libyajl ncat qemu"
 
@@ -84,6 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 			--without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \
 			--without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \
 			--disable-nls --without-avahi --without-test-suite -without-dbus \
+			--with-qemu-user=nobody --with-qemu-group=kvm \
 			--with-storage-dir --without-storage-fs --without-storage-lvm  --without-storage-iscsi \
 			--without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster  --without-storage-zfs
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
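Review bot: --with-qemu-user=nobody on the added configure line puts every guest under an account that is conventionally shared with other unprivileged services, so those processes and the qemu processes end up with the same UID. A dedicated unprivileged account created alongside the kvm group would keep the improvement over root without that overlap. The build now also assumes the kvm group exists at run time; that holds only through the qemu entry in DEPS, which is worth stating in the commit message.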
diff --git a/lfs/qemu b/lfs/qemu
index 804ec26..c32953c 100644
--- a/lfs/qemu
+++ b/lfs/qemu
@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 SUP_ARCH   = i586 x86_64
 PROG       = qemu
-PAK_VER    = 18
+PAK_VER    = 19
 
 DEPS       = "sdl spice"
 
@@ -95,6 +95,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	paxctl -m -r /usr/bin/qemu-arm
 	paxctl -m -r /usr/bin/qemu-i386
 	paxctl -m -r /usr/bin/qemu-x86_64
+	# install an udev script to set the permissions of /dev/kvm
+	cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
 
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
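Review bot: cp -avf on the added line preserves whatever mode and ownership the file has in the build tree; install -v -m 644 would give the rule a fixed mode no matter how the source was checked out. The comment above it calls 65-kvm.rules a "udev script", but it is a rules file, and it sets permissions on vhost-net as well as /dev/kvm.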
diff --git a/src/paks/qemu/install.sh b/src/paks/qemu/install.sh
index a9f7321..e44ba5e 100644
--- a/src/paks/qemu/install.sh
+++ b/src/paks/qemu/install.sh
@@ -22,6 +22,8 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+#create the group kvm when they not exist
+getent group kvm >/dev/null || groupadd kvm
 extract_files
 restore_backup ${NAME}
 echo shm	/dev/shm	tmpfs	defaults,size=256M	0	0 >> /etc/fstab
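Review bot: nothing visible after extract_files applies the newly extracted 65-kvm.rules to devices that already exist, so if /dev/kvm is present when the package is installed it keeps its previous group and mode until the node is re-created or the system reboots. Re-triggering the kvm and vhost-net devices with udevadm after extraction would apply the rule immediately. Separately, groupadd kvm allocates an ordinary GID; groupadd -r kvm would place it in the system range, and the new comment would read better as "create the group kvm if it does not exist".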


hooks/post-receive
--
IPFire 2.x development tree
