On Sun, Mar 17, 2013 at 03:11:52PM +0100, Yves-Alexis Perez wrote: > On dim., 2013-03-17 at 13:40 +0100, Salvatore Bonaccorso wrote: > > Only now back. It looks like Guido already found the issue. But here > > for reference the settings on the system where I saw this too (tough > > in my case the VMs do not crash): > > > > # ls -l /dev/kvm > > crw-rw---- 1 root kvm 10, 232 Mar 11 06:47 /dev/kvm > > # id libvirt-qemu > > uid=108(libvirt-qemu) gid=112(kvm) groups=112(kvm),115(libvirt-qemu) > > # getent group kvm > > kvm:x:112: > > I'm a bit puzzled. It looks like libvirt-qemu user should have > permissions on kvm then.
Older libvirt (prior to 0.8.6) lack the proper initgroup calls. Without these the process runs as libvirt-qemu:libvirt-qemu without any othter group membership and therefore isn't allowed to access /dev/kvm. That was the main motivation for using group kvm instead of separate group in squeeze. I vaguely remembered this when preparing the sec update and therefore did extra testing but since the only kvm capable squeeze box around here had a non standard setup (I need to test the stable as well as the backports version on that one) this problem didn't show up and I didn't check the code itself. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
