GNU bug report logs - #36335
Is /dev/kvm missing ACLs?

Previous Next

Full log

Message #14 received at 36335 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Chris Marusich <cmmarusich <at> gmail.com>
Cc: 36335 <at> debbugs.gnu.org
Subject: Re: bug#36335: Is /dev/kvm missing ACLs?
Date: Thu, 27 Jun 2019 15:45:33 +0200

Hi Chris,

Chris Marusich <cmmarusich <at> gmail.com> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Guix System doesn’t use ACLs at all.
>>
>> However, the udev rule for kvm sets it up like this:
>>
>>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>
>> and the build users are part of the ‘kvm’ group.  I personally arrange
>> to have my user account in that group too.
>
> It's good to know that the "kvm" group is the right way to grant
> permissions.  However, if Guix System doesn't use ACLs, then why do some
> of my device files have ACLs on them, such as the video device file?
>
> $ getfacl /dev/video0 
> getfacl: Removing leading '/' from absolute path names
> # file: dev/video0
> # owner: root
> # group: video
> user::rw-
> user:marusich:rw-
> group::rw-
> mask::rw-
> other::---

Good question, I see the same thing here.

I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
that, and there’s no code in eudev that fiddles with ACLs either, and
nothing obvious in devtmpfs.c in Linux.  So… it’s a mystery.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.