Am 09.07.2018 um 20:37 schrieb Ben Hutchings:

> It is fairly mature, but it still has a large attack surface and
> occasional security issues that can be exploited by the VM owner.  So I
> think it make sense to restrict access to the kvm group and local
> logins.  This should mitigate the security issues on multiuser systems
> without too much disruption.

Ok, let's go with 0660 (root:kvm) + uaccess then
I'll include that in the next upload of udev.

Michael, feel free to drop
/lib/udev/rules.d/60-qemu-system-common.rules in a future upload of qemu
along with the creation of the kvm group from
qemu-system-common.postinst so we only have a single place (i.e. udev)
where the device permissions of /dev/kvm are setup.

Regards,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to