Bug 245728 - running kvm via a normal user
Summary: running kvm via a normal user
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kvm   
(Show other bugs)
Version: 7
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-26 11:12 UTC by Deependra Singh Shekhawat
Modified: 2007-11-30 22:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-26 22:25:43 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Deependra Singh Shekhawat 2007-06-26 11:12:42 UTC
Description of problem:

I want to use virt-manager to utilize full virtualization provided by kvm as a
normal user. But I found that it is not possible. Either I need to run
virt-manager as root user or I need to add the normal user to sudoers list.
Isn't it possible to provide virtualization access to normal users too via
having some kind of udev rules.


Version-Release number of selected component (if applicable):
kvm-24-1
kernel-2.6.21-1.3228.fc7

Comment 1 Jeremy Katz 2007-06-26 22:25:43 UTC
The problem is that this allows the user to lock large amounts of memory on the
system which could be a DoS.  

Comment 2 Josh Cogliati 2007-10-19 20:09:43 UTC
An alternative is to at least create a group kvm and then allow anyone in the
group to run kvm.  
All that needs to be done is add a kvm group and the following line somewhere in
a file in /etc/udev/rules.d/
KERNEL=="kvm",MODE="0660",GROUP="kvm"

Then the system admin can add users to kvm or not depending on whether they are
worried about the DoS possibilities.



Comment 3 Josh Cogliati 2007-11-14 18:30:26 UTC
See bug 346151 for a similar request.


Note You need to log in before you can comment on or make changes to this bug.