From e91100c0c18f76390bfa9d265c19bb461a67a657 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Thu, 26 Oct 2023 16:04:36 +0200
Subject: [PATCH] action: Make logic for unprivileged KVM access more robust
- Copy static-nodes-permissions.conf to /etc before modifying so our modifications don't get overwritten if systemd is updated.
- Add udev rules to set the permissions correctly as well
---
 action.yaml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/action.yaml b/action.yaml
index aefe5220e..b0315b7e1 100644
--- a/action.yaml
+++ b/action.yaml
@@ -8,11 +8,22 @@ runs:
 - name: Permit unprivileged access to kvm, vhost-vsock and vhost-net devices
 shell: bash
 run: |
- sudo sed -i '/kvm/s/0660/0666/g' /usr/lib/tmpfiles.d/static-nodes-permissions.conf
- sudo sed -i '/vhost/s/0660/0666/g' /usr/lib/tmpfiles.d/static-nodes-permissions.conf
+ sudo mkdir -p /etc/tmpfiles.d
+ sudo cp /usr/lib/tmpfiles.d/static-nodes-permissions.conf /etc/tmpfiles.d/
+ sudo sed -i '/kvm/s/0660/0666/g' /etc/tmpfiles.d/static-nodes-permissions.conf
+ sudo sed -i '/vhost/s/0660/0666/g' /etc/tmpfiles.d/static-nodes-permissions.conf
+ sudo tee /etc/udev/rules.d/99-kvm4all.rules <<- EOF
+ KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"
+ KERNEL=="vhost-vsock", GROUP="kvm", MODE="0666", OPTIONS+="static_node=vhost-vsock"
+ KERNEL=="vhost-net", GROUP="kvm", MODE="0666", OPTIONS+="static_node=vhost-net"
+ EOF
+ sudo udevadm control --reload-rules
 sudo modprobe kvm
 sudo modprobe vhost_vsock
 sudo modprobe vhost_net
+ [[ -e /dev/kvm ]] && sudo udevadm trigger --name-match=kvm
+ sudo udevadm trigger --name-match=vhost-vsock
+ sudo udevadm trigger --name-match=vhost-net
 [[ -e /dev/kvm ]] && sudo chmod 666 /dev/kvm
 sudo chmod 666 /dev/vhost-vsock
 sudo chmod 666 /dev/vhost-net
-- 2.47.2
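Review bot: The copy into `/etc/tmpfiles.d` and the new `99-kvm4all.rules` make mode 0666 on `/dev/kvm`, `/dev/vhost-vsock` and `/dev/vhost-net` outlive the job, and nothing in the step says this is only acceptable on a throwaway runner. If the action is ever used on a long-lived self-hosted runner, every local account would keep access to these device nodes after the workflow ends and across reboots. I would state that at the top of the `run:` script, for example `# Persists 0666 on the kvm/vhost device nodes; intended for ephemeral runners only`. Separately, `<<- EOF` strips only leading tabs, which YAML indentation never contains, so `<< 'EOF'` would express the same heredoc less ambiguously and also rule out expansion in the rules text. The `run:` block may continue below the last line shown in the hunk.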