diff options
author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2021-01-12 16:03:37 +0400 |
---|---|---|
committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2021-01-13 13:10:19 +0400 |
commit | c78939d5652aaee2731956282c1c17aa9f7f710f (patch) | |
tree | 6297fbc298c814f78910f649cfde69f44aec33a6 | |
parent | c4446798fa45b29fe29f7eb9502c1f006df5bc0e (diff) | |
download | systemd-c78939d5652aaee2731956282c1c17aa9f7f710f.tar.gz |
udev: allow kvm group to access vhost-vsock device
/dev/vhost-vsock allows to setup a guest CID and running
state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)
All this should be legitimate and safe for KVM users.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-rw-r--r-- | rules.d/50-udev-default.rules.in | 1 | ||||
-rw-r--r-- | tmpfiles.d/static-nodes-permissions.conf.in | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in index 6688b840d6..0cc70b1bd0 100644 --- a/rules.d/50-udev-default.rules.in +++ b/rules.d/50-udev-default.rules.in @@ -86,6 +86,7 @@ KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse" KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm" KERNEL=="vsock", MODE="0666" +KERNEL=="vhost-vsock", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=vhost-vsock" KERNEL=="udmabuf", GROUP="kvm" diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in index 50cffe2cd9..923ce7d93e 100644 --- a/tmpfiles.d/static-nodes-permissions.conf.in +++ b/tmpfiles.d/static-nodes-permissions.conf.in @@ -15,3 +15,4 @@ z /dev/loop-control 0660 - disk - z /dev/net/tun 0666 - - - z /dev/fuse 0666 - - - z /dev/kvm @DEV_KVM_MODE@ - kvm - +z /dev/vhost-vsock @DEV_KVM_MODE@ - kvm - |