From: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: Tue, 12 Jan 2021 12:03:37 +0000 (+0400)
Subject: udev: allow kvm group to access vhost-vsock device
X-Git-Tag: v248-rc1~340^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c78939d5652aaee2731956282c1c17aa9f7f710f;p=thirdparty%2Fsystemd.git

udev: allow kvm group to access vhost-vsock device

/dev/vhost-vsock allows to setup a guest CID and running
state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)

All this should be legitimate and safe for KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---

diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
index 6688b840d69..0cc70b1bd0d 100644
--- a/rules.d/50-udev-default.rules.in
+++ b/rules.d/50-udev-default.rules.in
@@ -86,6 +86,7 @@ KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
 KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
 
 KERNEL=="vsock", MODE="0666"
+KERNEL=="vhost-vsock", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=vhost-vsock"
 
 KERNEL=="udmabuf", GROUP="kvm"
 
diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in
index 50cffe2cd96..923ce7d93e8 100644
--- a/tmpfiles.d/static-nodes-permissions.conf.in
+++ b/tmpfiles.d/static-nodes-permissions.conf.in
@@ -15,3 +15,4 @@ z /dev/loop-control 0660 - disk  -
 z /dev/net/tun      0666 - -     -
 z /dev/fuse         0666 - -     -
 z /dev/kvm          @DEV_KVM_MODE@ - kvm -
+z /dev/vhost-vsock  @DEV_KVM_MODE@ - kvm -