Comment 3 for bug 1103022

I'm assuming (hoping) comment #2 as entered before we proceeded with our irc conversation?

The 40-qemu-system.rules is not the problem and we're not trying to recover from it.
As mentioned in irc, the steps are:

 1. set up a new ubuntu system, it modprobes kvm_intel, /dev/kvm gets created,
 2. 70-udev-acl.rules sets /dev/kvm to root:root rwx------, and tags it with acl
 3. user logs in, something (consolekit?) adds a group::--- acl
 4. admin logs in remotely, installs qemu-system and libvirt-bin, which triggers udev with new rules,
 5. udev chowns /dev/kvm to root:kvm, and sets it to rwxrw----, but the group::--- acl remains
 6. libvirt tries to start a vm as group kvm, but the group:--- acl refuses it

The patch I proposed here simply sets GROUP=0660 in the 70-udev-acl.rules. That way the group:: acl still gets added on login, but becomes group::rw-. So it's a workaround for whatever is adding that acl in the first place.

As discussed on irc, I'll see if I can figure out what exactly is causing that
group acl to be (needlessly) written.