1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
systemd/rules
Zbigniew Jędrzejewski-Szmek 5a664ca10f rules: add a rule to set /dev/kvm access mode and ownership (#5597)
Kernel default mode is 0600, but distributions change it to group kvm, mode
either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid
reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser
mode makes libvirt and other virtualization mechanisms work out of the box for
unprivileged users over ssh).

In Fedora the qemu package carries the relevant rule, but it's nicer to have it
in systemd, so that the permissions are not dependent on the qemu package being
installed. Use of packaged qemu binaries is not required to make use of
/dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative.

https://bugzilla.redhat.com/show_bug.cgi?id=1431876

To accomodate both approaches, add a rule to set the mode in 50-udev-default.rules,
but allow the mode to be overridden with a --with-dev-kvm-mode configure rule.
The default is 0660, as the (slightly) more secure option.
2017-03-27 12:34:24 +02:00
..
.gitignore rules: add a rule to set /dev/kvm access mode and ownership (#5597) 2017-03-27 12:34:24 +02:00
50-udev-default.rules.in rules: add a rule to set /dev/kvm access mode and ownership (#5597) 2017-03-27 12:34:24 +02:00
60-block.rules rules: block: add support for pmem devices (#3683) 2016-07-08 17:43:56 +02:00
60-cdrom_id.rules rules: allow SPARC vdisk devices when identifying CD drives (#5599) 2017-03-20 11:22:54 +01:00
60-drm.rules rules: add persistent by-path drm rules (#5337) 2017-02-14 10:18:27 +01:00
60-evdev.rules rules: Add extended evdev/input match rules for event nodes with the same name 2017-02-12 12:43:23 +01:00
60-persistent-alsa.rules move imported udev into place 2012-04-04 05:05:07 +02:00
60-persistent-input.rules rules: set ID_BUS=bluetooth for any device with id/bustype attr of 0x0005 (#5539) 2017-03-07 07:55:58 +01:00
60-persistent-storage-tape.rules rules: UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG property (#3714) 2016-07-15 18:47:42 +02:00
60-persistent-storage.rules udev: Use parent bus id for virtio disk builtin path-id (#5500) 2017-03-01 15:30:17 -05:00
60-persistent-v4l.rules udev: move all unconditionally installed rules to rules/ 2012-04-14 20:10:03 +02:00
60-sensor.rules rules: allow quirks for platform input accelerometers 2017-03-03 21:23:39 +01:00
60-serial.rules rules: merge tty and serial rules file 2015-03-12 17:22:19 +01:00
64-btrfs.rules udev: add btrfs support 2012-09-17 13:54:03 +02:00
70-mouse.rules hwdb: add rule and first entry for PS/2 mice 2014-12-24 08:08:23 +10:00
70-touchpad.rules hwdb: add a 70-touchpad.hwdb to tag internal vs external touchpads 2016-07-01 15:25:34 +10:00
75-net-description.rules rules: net, tty description - ask hwdb explicitly for pci data 2013-07-21 16:33:27 +02:00
75-probe_mtd.rules build-sys: make loadable module support optional 2012-11-20 19:35:27 +01:00
78-sound-card.rules rules: identify internal sound cards on platform bus (#4893) 2016-12-15 23:11:11 +01:00
80-drivers.rules rules: drivers - do not reset RUN list 2014-01-03 01:32:03 +01:00
80-net-setup-link.rules udev: import the full db on MOVE events for devices without dev_t 2014-09-09 15:03:49 +02:00
99-systemd.rules.in rules: allow systemd to manage UBI volumes (#5214) 2017-02-03 09:26:50 +01:00
Makefile backlight: add minimal tool to save/restore screen brightness across reboots 2013-08-14 01:57:02 +02:00