The /dev/vfio/vfio device file is intended to be an unprivileged interface. Only by attaching it to a group (/dev/vfio/$GROUP) does it allow privileged access. The group is therefore used to grant access and /dev/vfio/vfio can be used by anyone. Update the udev rules to provide this.
Signed-off-by: Alex Williamson <alex.william...@redhat.com> --- rules/50-udev-default.rules | 2 ++ src/login/70-uaccess.rules | 3 +++ 2 files changed, 5 insertions(+) diff --git a/rules/50-udev-default.rules b/rules/50-udev-default.rules index f764789..a5b6492 100644 --- a/rules/50-udev-default.rules +++ b/rules/50-udev-default.rules @@ -68,4 +68,6 @@ KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun" KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse" +SUBSYSTEM=="vfio", KERNEL=="vfio", MODE="0666" + LABEL="default_permissions_end" diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules index a118f8e..a6f5507 100644 --- a/src/login/70-uaccess.rules +++ b/src/login/70-uaccess.rules @@ -71,4 +71,7 @@ ENV{DDC_DEVICE}=="*?", TAG+="uaccess" # media player raw devices (for user-mode drivers, Android SDK, etc.) SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" +# VFIO +SUBSYSTEM=="vfio", KERNEL=="vfio", TAG+="uaccess" + LABEL="uaccess_end" _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel