Bug 497341 - Make the /dev/kvm device world accessible to all users by default
Summary: Make the /dev/kvm device world accessible to all users by default
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: qemu
Version: rawhide
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Glauber Costa
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F12VirtTarget 500472
TreeView+ depends on / blocked
 
Reported: 2009-04-23 13:03 UTC by Daniel Berrangé
Modified: 2009-07-16 10:33 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-16 10:33:21 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Daniel Berrangé 2009-04-23 13:03:24 UTC
Description of problem:
Currently the /dev/kvm device mode restricts access to just the root user. It is desirable for unprivileged user accounts to be able to run unprivileged QEMU instances and have them be fast. This means they need to be able to access /dev/kvm. Using a group is not desirable because we want virt to work well out of the box, without needing magic configs.

Previously there were some resource utilization concerns from unprivileged users accessing /dev/kvm, but to quote a discussion I had with Avi

[quote]
>Previously we didn't alow non-root access to /dev/kvm because this
>would  result in users guests pinning memory in the host preventing
>normal swap usage. This restriction should have been removed by
>now though, right ?  Are their any other resource usage implications
>remaining ?
>  

No known resource holes.  kvm does pin some kernel memory for each VM,
but the number of VMs a user can create is limited.
[/quote]


Ergo, we should make /dev/kvm mode 0666 by default

Version-Release number of selected component (if applicable):
qemu-0.10-8.fc11.x86_64
kernel-2.6.29.1-100.fc11.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Run qemu-kvm as non-root
2. 
3.
  
Actual results:
It cannot open /dev/kvm

Expected results:
It can open /dev/kvm

Additional info:

Comment 1 Mark McLoughlin 2009-05-04 15:55:31 UTC
Adding to F12 target

Comment 2 Fedora Admin XMLRPC Client 2009-05-07 12:12:33 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Fedora Admin XMLRPC Client 2009-05-07 12:13:37 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 4 Fedora Admin XMLRPC Client 2009-05-07 12:14:04 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 5 Fedora Admin XMLRPC Client 2009-05-07 17:58:25 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 6 Mark McLoughlin 2009-05-21 20:41:27 UTC
See also:

  https://fedoraproject.org/wiki/Features/VirtPrivileges

Comment 7 Daniel Berrangé 2009-07-16 10:33:21 UTC
Built into qemu-0.10.50-10.kvm87.fc12


Note You need to log in before you can comment on or make changes to this bug.