On Fri, Sep 05, 2008 at 07:41:02AM -0000, Martin Pitt wrote:
> TJ [2008-09-04 18:20 +0100]:
> > The USB devices in /dev/bus/usb/*/* have root:root permissions.
> > Obviously it wouldn't be a great idea to have VMs running as root so I
> > was looking for an existing group that might be used to modify those
> > permissions so that kvm/qemu can obtain read/write access to the
> > devices. Without it USB support fails.
>
> Oh, hang on, it seems I misunderstood you in my previous reply. You
> weren't talking about /dev/kvm, but the actual USB devices, for
> propagating them through the kvm guest? In that case you really
> shouldn't change anything. If the user can access those USB devices on
> the host, then he should equally be able to access them on the guest,
> since the kvm process runs under his user account and thus can use the
> ACLs?

KVM is something of a special case here. Normally, users access USB devices via a kernel driver which presents an appropriate device node (e.g. /dev/sd* for mass storage devices), and sane permissions are set based on that cooked interface.

For KVM USB pass-through, however, it needs access to the raw USB device (/dev/bus/usb/*/*) so that it can be presented as a virtual device to the guest OS. These raw USB device nodes are typically owned by root, because they could be anything and we don't know what the appropriate permissions should be. The device is released by the kernel driver, and KVM accesses it exclusively.

Perhaps the raw device node permissions should be set to be the same as the cooked ones? This would at least avoid tweaking for devices recognized by the kernel.

Alternatively, we could punt and say that USB pass-through requires root privileges or manual tweaking of the device node permissions. I'm not sure to what extent this feature is used in typical KVM usage; I would think it's mostly useful for reverse engineering and such.

--
 - mdz

--
Could not open /proc/bus/usb/devices
https://bugs.launchpad.net/bugs/156085