Am 09.07.2018 um 20:37 schrieb Ben Hutchings: > It is fairly mature, but it still has a large attack surface and > occasional security issues that can be exploited by the VM owner. So I > think it make sense to restrict access to the kvm group and local > logins. This should mitigate the security issues on multiuser systems > without too much disruption.
Ok, let's go with 0660 (root:kvm) + uaccess then I'll include that in the next upload of udev. Michael, feel free to drop /lib/udev/rules.d/60-qemu-system-common.rules in a future upload of qemu along with the creation of the kvm group from qemu-system-common.postinst so we only have a single place (i.e. udev) where the device permissions of /dev/kvm are setup. Regards, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature