udev: allow kvm group to access vhost-net device

/dev/vhost-net is a host accelerator for virtio net devices. It has been
long available and used, thus should be safe to all KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2 files changed, 3 insertions, 0 deletions

diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
index 0cc70b1bd0..369fdbc179 100644
--- a/rules.d/50-udev-default.rules.in
+++ b/rules.d/50-udev-default.rules.in
@@ -88,6 +88,8 @@ KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
 KERNEL=="vsock", MODE="0666"
 KERNEL=="vhost-vsock", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=vhost-vsock"
 
+KERNEL=="vhost-net", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=vhost-net"
+
 KERNEL=="udmabuf", GROUP="kvm"
 
 SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm"
diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in
index 923ce7d93e..e5aa8fdb20 100644
--- a/tmpfiles.d/static-nodes-permissions.conf.in
+++ b/tmpfiles.d/static-nodes-permissions.conf.in
@@ -15,4 +15,5 @@ z /dev/loop-control 0660 - disk  -
 z /dev/net/tun      0666 - -     -
 z /dev/fuse         0666 - -     -
 z /dev/kvm          @DEV_KVM_MODE@ - kvm -
+z /dev/vhost-net    @DEV_KVM_MODE@ - kvm -
 z /dev/vhost-vsock  @DEV_KVM_MODE@ - kvm -