Bug 497341 - Make the /dev/kvm device world accessible to all users by default
Make the /dev/kvm device world accessible to all users by default
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: qemu (Show other bugs)
rawhide
All Linux
high Severity medium
: ---
: ---
Assigned To: Glauber Costa
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F12VirtTarget 500472
  Show dependency treegraph
 
Reported: 2009-04-23 09:03 EDT by Daniel Berrange
Modified: 2009-07-16 06:33 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-16 06:33:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Berrange 2009-04-23 09:03:24 EDT
Description of problem:
Currently the /dev/kvm device mode restricts access to just the root user. It is desirable for unprivileged user accounts to be able to run unprivileged QEMU instances and have them be fast. This means they need to be able to access /dev/kvm. Using a group is not desirable because we want virt to work well out of the box, without needing magic configs.

Previously there were some resource utilization concerns from unprivileged users accessing /dev/kvm, but to quote a discussion I had with Avi

[quote]
>Previously we didn't alow non-root access to /dev/kvm because this
>would  result in users guests pinning memory in the host preventing
>normal swap usage. This restriction should have been removed by
>now though, right ?  Are their any other resource usage implications
>remaining ?
>  

No known resource holes.  kvm does pin some kernel memory for each VM,
but the number of VMs a user can create is limited.
[/quote]


Ergo, we should make /dev/kvm mode 0666 by default

Version-Release number of selected component (if applicable):
qemu-0.10-8.fc11.x86_64
kernel-2.6.29.1-100.fc11.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Run qemu-kvm as non-root
2. 
3.
  
Actual results:
It cannot open /dev/kvm

Expected results:
It can open /dev/kvm

Additional info:
Comment 1 Mark McLoughlin 2009-05-04 11:55:31 EDT
Adding to F12 target
Comment 2 Fedora Admin XMLRPC Client 2009-05-07 08:12:33 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Fedora Admin XMLRPC Client 2009-05-07 08:13:37 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 4 Fedora Admin XMLRPC Client 2009-05-07 08:14:04 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 5 Fedora Admin XMLRPC Client 2009-05-07 13:58:25 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 6 Mark McLoughlin 2009-05-21 16:41:27 EDT
See also:

  https://fedoraproject.org/wiki/Features/VirtPrivileges
Comment 7 Daniel Berrange 2009-07-16 06:33:21 EDT
Built into qemu-0.10.50-10.kvm87.fc12

Note You need to log in before you can comment on or make changes to this bug.