[Bug 1103022] Re: 70-udev-acl.rules needs to put g+rw on /dev/kvm
Serge Hallyn
1103022 at bugs.launchpad.net
Tue Jan 29 07:12:24 UTC 2013
In fact udev-acl appears to be doing it.
When logging into a simple ubuntu desktop with qemu-system not
installed, I log in and find /dev/kvm is root:root rwm------ with a
group::--- acl installed. I verify the acl by doing 'chmod g+rw
/dev/kvm' followed by ls -l /dev/kvm and getfacl /dev/kvm showing that
/dev/kvm is now rwxrw---- but the group::--- acl is still there.
Next I moved /usr/lib/ConsoleKit/run-seat.d/udev-acl.ck to /root/ and
rebooted, and ssh'd in. Now /dev/kvm had no acls and was
serge at ubuntu:~$ ls -l /dev/kvm
crw-rw---- 1 root root 10, 232 Jan 29 01:04 /dev/kvm
serge at ubuntu:~$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: root
user::rw-
group::rw-
other::---
(I next undid this by doing 'chmod g-rw /dev/kvm')
Next I manually ran:
/lib/udev/udev-acl -a change --device=/dev/kvm
after this, I got:
root at ubuntu:~# getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: root
user::rw-
user:lightdm:rw-
group::---
mask::rw-
other::---
root at ubuntu:~# chmod g+rw /dev/kvm
root at ubuntu:~# getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: root
user::rw-
user:lightdm:rw-
group::---
mask::rw-
other::---
showing that running udev-acl.ck is what is causing the group acl to be
created, even though it's not obvious, looking at the udev-acl.c code,
how it would do so.
--
https://bugs.launchpad.net/bugs/1103022
Title:
70-udev-acl.rules needs to put g+rw on /dev/kvm
Status in “udev” package in Ubuntu:
Confirmed
Bug description:
When qemu-system gets installed, the newly installed udev rule causes
/dev/kvm to get chgrp'd to kvm and its mode to get set to g+rw.
However, because /dev/kvm was tagged with ACL previously, there is a
group:: acl on /dev/kvm which does not get removed. Therefore
/dev/kvm is g+rw in the file mode, but the acl denies group read/write
access. After a reboot all is fine.
I have not seen a clean way to have udev remove that acl, and there is
no reason for it. So please update the 70-udev-acl.rules file to set
MODE=0660 on /dev/kvm
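
Added example (not part of the original message or of udev): under the acl(5) access rules, once an ACL carries a mask entry the group bits of the file mode show the mask, so 'chmod g+rw' and 'ls -l' reflect mask:: while group:: keeps deciding access for members of the owning group. The sketch below parses the two getfacl listings from the message and evaluates that check. The function names and the user "serge" being a member of the owning group are assumptions made for illustration.

```python
# Listings taken from the message above: with udev-acl applied, and without it.
WITH_ACL = """# owner: root
# group: root
user::rw-
user:lightdm:rw-
group::---
mask::rw-
other::---
"""
NO_ACL = """# owner: root
# group: root
user::rw-
group::rw-
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    head, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition(":")
            head[key] = value.strip()
        elif line:
            tag, qual, perms = line.split("#")[0].split(":")[:3]
            entries.append((tag, qual, set(perms.strip()) - {"-"}))
    return head["owner"], head["group"], entries

def ls_group_bits(entries):
    """Group triplet that ls -l shows: the mask if present, else group::."""
    plain = {tag: perms for tag, qual, perms in entries if not qual}
    return plain.get("mask", plain["group"])

def allowed(owner, owning_group, entries, user, groups, want):
    """acl(5) access check for a non-root process; want is e.g. 'rw'."""
    want = set(want)
    plain = {tag: perms for tag, qual, perms in entries if not qual}
    mask = plain.get("mask", {"r", "w", "x"})
    if user == owner:
        return want <= plain["user"]
    for tag, qual, perms in entries:
        if tag == "user" and qual == user:
            return want <= perms & mask
    matched = [perms & mask for tag, qual, perms in entries
               if tag == "group" and (qual or owning_group) in groups]
    if matched:
        return any(want <= perms for perms in matched)
    return want <= plain["other"]
```

With WITH_ACL, ls_group_bits() reports rw for the group while allowed() still refuses rw to a member of the owning group, which is the mismatch the bug describes.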