70-udev-acl.rules needs to put g+rw on /dev/kvm
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
qemu (Ubuntu) |
Fix Released
|
High
|
Serge Hallyn | ||
qemu-kvm (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
High
|
Unassigned |
Bug Description
When qemu-system gets installed, the newly installed udev rule causes /dev/kvm to gets chgrpd to kvm and its mode to get set to g+rw. However, because /dev/kvm was tagged with ACL previously, there is a group:: acl on /dev/kvm which does not get removed. Therefore /dev/kvm is g+rw in the file mode, but the acl denies group read/write access. After a reboot all is fine.
I have not seen a clean way to have udev remove that acl, and there is no reason for it. So please update the 70-udev-acl.rules file to set MODE=0660 on /dev/kvm
================
SRU Justification
1. Impact: when qemu-kvm is first installed, /dev/kvm is not owned by group kvm (until subsequent reboot). This prevents libvirt from using kvm until a reboot.
2. Development fix: add group kvm during preinst. (this was done in precise, but accidentally dropped in a merge from debian in quantal)
3. Stable fix: same as development fix
4. Test case: Create a new quantal vm. sudo apt-get install qemu-kvm. ls -l /dev/kvm, check that it is owned by group kvm. Note if you've install qemu-kvm previously, purging it is not enough before retesting - you must also remove the kvm group entry.
5. Regression potential: none
Related branches
Changed in udev (Ubuntu): | |
importance: | Undecided → High |
status: | New → Confirmed |
tags: | added: patch |
description: | updated |
tags: | removed: patch |
Changed in qemu-kvm (Ubuntu Quantal): | |
assignee: | Serge Hallyn (serge-hallyn) → nobody |
As discussed on IRC: As this is an one-time upgrade fix for cleaning up after the currently wrong /lib/udev/ rules.d/ 40-qemu- system. rules, I'd much rather like to see this as an one-time action in postinst (which is the standard way of doing such operations on upgrade) than this patch, which would confuse matters even more and also potentially breaks custom rules which change the permissions of /dev/kvm.