udev: allow kvm group to access vhost-vsock device

/dev/vhost-vsock allows to setup a guest CID and running
state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)

All this should be legitimate and safe for KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2 files changed, 2 insertions, 0 deletions

diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
index 6688b840d6..0cc70b1bd0 100644
--- a/rules.d/50-udev-default.rules.in
+++ b/rules.d/50-udev-default.rules.in
@@ -86,6 +86,7 @@ KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
 KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
 
 KERNEL=="vsock", MODE="0666"
+KERNEL=="vhost-vsock", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=vhost-vsock"
 
 KERNEL=="udmabuf", GROUP="kvm"
 
diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in
index 50cffe2cd9..923ce7d93e 100644
--- a/tmpfiles.d/static-nodes-permissions.conf.in
+++ b/tmpfiles.d/static-nodes-permissions.conf.in
@@ -15,3 +15,4 @@ z /dev/loop-control 0660 - disk  -
 z /dev/net/tun      0666 - -     -
 z /dev/fuse         0666 - -     -
 z /dev/kvm          @DEV_KVM_MODE@ - kvm -
+z /dev/vhost-vsock  @DEV_KVM_MODE@ - kvm -