Bug 1665469
Summary: | (AMD SEV) Overly restrictive permissions on the /dev/sev device | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Erik Skultety <eskultet> |
Component: | systemd | Assignee: | Jan Synacek <jsynacek> |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons |
Severity: | unspecified | Docs Contact: | |
Priority: | high | | |
Version: | 8.0 | CC: | eskultet, jsynacek, rbalakri, systemd-maint-list, virt-bugs, wchadwic |
Target Milestone: | rc | | |
Target Release: | 8.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | 1665400 | Environment: | |
Last Closed: | 2019-01-24 16:05:40 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1654309, 1665400, 1671791 | | |
Description
Erik Skultety
2019-01-11 14:04:34 UTC
There's been a turn of events in virt (libvirt+QEMU) which resulted in me starting an upstream discussion here: https://www.redhat.com/archives/libvir-list/2019-January/msg00630.html, which means that having a udev rule for /dev/sev might actually not turn out to be a good idea. It mainly depends on the input we get from AMD developers.

Ok. From systemd's point of view, the patch is trivial. Please, let us know about the final decision.

Closing as WONTFIX for now, since there is a potential security risk even with a 0644 rule at the moment. This needs to be addressed in the kernel first. I'll reopen in the future if necessary.