From: Chris Marusich <cmmarusich@HIDDEN>
To: 36335 <at> debbugs.gnu.org
Subject: bug#36335: Is /dev/kvm missing ACLs?
Date: Sat, 22 Jun 2019 21:20:03 -0700

Hi,

I was trying to run some VMs via "guix system vm", and I noticed that
I didn't have permission to use KVM. This issue can be worked around by
running qemu as root, or by adding yourself to the "kvm" group.
However, I found it curious that the /dev/kvm device didn't have ACLs
granting me access:

--8<---------------cut here---------------start------------->8---
$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
group::rw-
other::---
--8<---------------cut here---------------end--------------->8---

Is it expected that on Guix System, /dev/kvm does not by default receive
ACLs granting me access?

I'm logged into a GNOME session via GDM, and I was under the impression
that logind or udevd would automatically set up ACLs for me to access
local devices, such as /dev/kvm and /dev/sr0, in this case. Note that I
DO have ACLs for some other devices, such as video0:

--8<---------------cut here---------------start------------->8---
$ getfacl /dev/video0
getfacl: Removing leading '/' from absolute path names
# file: dev/video0
# owner: root
# group: video
user::rw-
user:marusich:rw-
group::rw-
mask::rw-
other::---
--8<---------------cut here---------------end--------------->8---

-- 
Chris

From: Ludovic Courtès <ludo@HIDDEN>
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org
Subject: bug#36335: Is /dev/kvm missing ACLs?
Date: Mon, 24 Jun 2019 21:54:54 +0200

Hi Chris,

Chris Marusich <cmmarusich@HIDDEN> wrote:

> I was trying to run some VMs via "guix system vm", and I noticed that
> I didn't have permission to use KVM. This issue can be worked around by
> running qemu as root, or by adding yourself to the "kvm" group.
> However, I found it curious that the /dev/kvm device didn't have ACLs
> granting me access:
>
> $ getfacl /dev/kvm
> getfacl: Removing leading '/' from absolute path names
> # file: dev/kvm
> # owner: root
> # group: kvm
> user::rw-
> group::rw-
> other::---
>
>
> Is it expected that on Guix System, /dev/kvm does not by default receive
> ACLs granting me access?

Guix System doesn’t use ACLs at all.

However, the udev rule for kvm sets it up like this:

  crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm

and the build users are part of the ‘kvm’ group. I personally arrange
to have my user account in that group too.

Thanks,
Ludo’.

From: Chris Marusich <cmmarusich@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org
Subject: bug#36335: Is /dev/kvm missing ACLs?
Date: Wed, 26 Jun 2019 23:32:37 -0700

Hi Ludo,

Ludovic Courtès <ludo@HIDDEN> writes:

> Guix System doesn’t use ACLs at all.
>
> However, the udev rule for kvm sets it up like this:
>
>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>
> and the build users are part of the ‘kvm’ group. I personally arrange
> to have my user account in that group too.

It's good to know that the "kvm" group is the right way to grant
permissions. However, if Guix System doesn't use ACLs, then why do some
of my device files have ACLs on them, such as the video device file?

--8<---------------cut here---------------start------------->8---
$ getfacl /dev/video0
getfacl: Removing leading '/' from absolute path names
# file: dev/video0
# owner: root
# group: video
user::rw-
user:marusich:rw-
group::rw-
mask::rw-
other::---
--8<---------------cut here---------------end--------------->8---

-- 
Chris

From: Ludovic Courtès <ludo@HIDDEN>
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org
Subject: bug#36335: Is /dev/kvm missing ACLs?
Date: Thu, 27 Jun 2019 15:45:33 +0200

Hi Chris,

Chris Marusich <cmmarusich@HIDDEN> wrote:

> Ludovic Courtès <ludo@HIDDEN> writes:
>
>> Guix System doesn’t use ACLs at all.
>>
>> However, the udev rule for kvm sets it up like this:
>>
>>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>
>> and the build users are part of the ‘kvm’ group. I personally arrange
>> to have my user account in that group too.
>
> It's good to know that the "kvm" group is the right way to grant
> permissions. However, if Guix System doesn't use ACLs, then why do some
> of my device files have ACLs on them, such as the video device file?
>
> $ getfacl /dev/video0
> getfacl: Removing leading '/' from absolute path names
> # file: dev/video0
> # owner: root
> # group: video
> user::rw-
> user:marusich:rw-
> group::rw-
> mask::rw-
> other::---

Good question, I see the same thing here.

I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
that, and there’s no code in eudev that fiddles with ACLs either, and
nothing obvious in devtmpfs.c in Linux. So… it’s a mystery.

Ludo’.

From: Danny Milosavljevic <dannym@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org, Chris Marusich <cmmarusich@HIDDEN>
Subject: bug#36335: Is /dev/kvm missing ACLs?
Date: Mon, 1 Jul 2019 10:41:14 +0200

On Thu, 27 Jun 2019 15:45:33 +0200
Ludovic Courtès <ludo@HIDDEN> wrote:

> I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
> that, and there’s no code in eudev that fiddles with ACLs either, and
> nothing obvious in devtmpfs.c in Linux. So… it’s a mystery.

Might be elogind. It sets some ACLs on login.

X-Loop: help-debbugs@HIDDEN Subject: bug#36335: Is /dev/kvm missing ACLs? Resent-From: Chris Marusich <cmmarusich@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Wed, 10 Jul 2019 06:24:02 +0000 Resent-Message-ID: <handler.36335.B36335.15627398215980 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 36335 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Cc: Danny Milosavljevic <dannym@HIDDEN>, 36335 <at> debbugs.gnu.org Received: via spool by 36335-submit <at> debbugs.gnu.org id=B36335.15627398215980 (code B ref 36335); Wed, 10 Jul 2019 06:24:02 +0000 Received: (at 36335) by debbugs.gnu.org; 10 Jul 2019 06:23:41 +0000 Received: from localhost ([127.0.0.1]:34755 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1hl60y-0001YO-Ks for submit <at> debbugs.gnu.org; Wed, 10 Jul 2019 02:23:40 -0400 Received: from mail-pg1-f182.google.com ([209.85.215.182]:34963) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <cmmarusich@HIDDEN>) id 1hl60v-0001Y9-UF for 36335 <at> debbugs.gnu.org; Wed, 10 Jul 2019 02:23:39 -0400 Received: by mail-pg1-f182.google.com with SMTP id s27so710502pgl.2 for <36335 <at> debbugs.gnu.org>; Tue, 09 Jul 2019 23:23:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=nRX77cVHeJ0RhJGjyTJZxxWkKYIzUlfWbH5zlMTtW7Q=; b=NM6rYJYaIrpCc+cWheI5+gCFDdE+qr62aQzZ48b3SG+Q20PPkbxfBLGqbOY5b/U4RS BSmRA2qL+XE9cMb8kFq46u0P5wyXbWu/uHqQKfXTDL3ZxHypQFepTowdvwsqaKB+7ZtK mDULnNNqUoDa3vC3a3iYQ5vLZvVAyHc+b/KLN7Y1cTu5PL+5WCRY/3LKDqqnwLWOeJz0 95NHjIgiDZ1A2Uasskd2pFA8RKMz8fnzsEzUdkaQIjOngiWaZn4mlLyCKfPGlXxEQhdz OANwSZYtAZwnaWjq4pXQq9S7t4Dl52RJLsw8c7L2RkpxrdEfaTX7/s+pqAKYY1H2OS4l adjg== X-Google-DKIM-Signature: 
v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=nRX77cVHeJ0RhJGjyTJZxxWkKYIzUlfWbH5zlMTtW7Q=; b=RD0dIHjAaa8a36I84XiMTG7bXYX1GMUo/2LjnkBYZHHUr4eQaeO4ZHouYFlG5xNXhU KuM4mc5e4B3lCZRD1iXO3DdcEY34XKquC/CKe94S+ReRpF0srMoNhwBYJlVu99I+Nond aYiLjWqtGsVTpOE4zhXnv1qjX7+lrMsp7mZ3x5ROd3yifIrzTAOsz2/wSJGNhXizoyq7 0mcj0Y0qIgTUHEpvsf4ShrHRPw2vKg+kTQEExzgtZzARh5P5xD+9UmSkjAbVYSaoCRN6 v/XKH68amNGRKqZVDuJienVrspnlic9GMZocOpxXDjBt1sg068nbNNsLeyWvpWI+BNNE O29g== X-Gm-Message-State: APjAAAUhhJSqdJ9LIHJwdq1XygcKUPRBT8sxn15WqzfaAIQkPYJ1++7b mjOtWH3FjRLrUVX2Gcb2lU5uMGvQ X-Google-Smtp-Source: APXvYqyPfhl+KB1fwZaslkPZWDllSYh/QFYwUSZwRtwkxTPEztr8yopO2CAISN9k3GSvQ5f3Gu688A== X-Received: by 2002:a63:fd0d:: with SMTP id d13mr36235557pgh.423.1562739811357; Tue, 09 Jul 2019 23:23:31 -0700 (PDT) Received: from garuda.local ([2601:601:9d80:25b2::d12]) by smtp.gmail.com with ESMTPSA id s193sm2064275pgc.32.2019.07.09.23.23.29 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 09 Jul 2019 23:23:30 -0700 (PDT) From: Chris Marusich <cmmarusich@HIDDEN> References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN> <87d0izlere.fsf@HIDDEN> <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN> <87d0izlere.fsf@HIDDEN> <87sgrv16rm.fsf@HIDDEN> <87sgrv16rm.fsf@HIDDEN> Date: Tue, 09 Jul 2019 23:23:28 -0700 In-Reply-To: <87sgrv16rm.fsf@HIDDEN> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Thu, 27 Jun 2019 15:45:33 +0200, Mon, 1 Jul 2019 10:41:14 +0200") Message-ID: <87lfx6l867.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. 
The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Ludovic =?UTF-8?Q?Court=C3=A8s?= writes: > Hi Chris, > > Chris Marusich skribis: > >> Ludovic =?UTF-8?Q?Court=C3=A8s?= writes: >> >>> Guix System =?UTF-8?Q?doesn=E2=80=99t?= use ACLs at all. >>> >>> However, the udev rule for kvm sets it up like this: >>> >>> crw-rw---- [...] Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: scratchpost.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cmmarusich[at]gmail.com) 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.215.182 listed in list.dnswl.org] 1.3 PDS_NO_HELO_DNS High profile HELO but no A record X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 0.3 (/) 

Ludovic Courtès <ludo@HIDDEN> writes:

> Hi Chris,
>
> Chris Marusich <cmmarusich@HIDDEN> writes:
>
>> Ludovic Courtès <ludo@HIDDEN> writes:
>>
>>> Guix System doesn’t use ACLs at all.
>>>
>>> However, the udev rule for kvm sets it up like this:
>>>
>>>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>>
>>> and the build users are part of the ‘kvm’ group. I personally arrange
>>> to have my user account in that group too.
>>
>> It's good to know that the "kvm" group is the right way to grant
>> permissions. However, if Guix System doesn't use ACLs, then why do some
>> of my device files have ACLs on them, such as the video device file?
>>
>> $ getfacl /dev/video0
>> getfacl: Removing leading '/' from absolute path names
>> # file: dev/video0
>> # owner: root
>> # group: video
>> user::rw-
>> user:marusich:rw-
>> group::rw-
>> mask::rw-
>> other::---
>
> Good question, I see the same thing here.
>
> I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
> that, and there’s no code in eudev that fiddles with ACLs either, and
> nothing obvious in devtmpfs.c in Linux. So… it’s a mystery.
>
> Ludo’.

Danny Milosavljevic <dannym@HIDDEN> writes:

> On Thu, 27 Jun 2019 15:45:33 +0200
> Ludovic Courtès <ludo@HIDDEN> wrote:
>
>> I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
>> that, and there’s no code in eudev that fiddles with ACLs either, and
>> nothing obvious in devtmpfs.c in Linux. So… it’s a mystery.
>
> Might be elogind. It sets some ACLs on login.

Might be.

I am content knowing that on Guix System, the intended way to control
access to /dev/kvm is by using the "kvm" group. However, it still
smells like we may have an ACL-related bug: It seems to be unexpected
that ACLs are getting set for some devices (e.g., /dev/video0), but not
for others (e.g., /dev/kvm).

What do you think?

-- 
Chris

Subject: bug#36335: Is /dev/kvm missing ACLs?
From: Ludovic Courtès <ludo@HIDDEN>
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: Danny Milosavljevic <dannym@HIDDEN>, 36335 <at> debbugs.gnu.org
Date: Wed, 10 Jul 2019 19:10:02 +0200

Hi,

Chris Marusich <cmmarusich@HIDDEN> writes:

> I am content knowing that on Guix System, the intended way to control
> access to /dev/kvm is by using the "kvm" group. However, it still
> smells like we may have an ACL-related bug: It seems to be unexpected
> that ACLs are getting set for some devices (e.g., /dev/video0), but not
> for others (e.g., /dev/kvm).
>
> What do you think?

I agree. I’d like to have a definite answer as to where these come from;
elogind was suspect #1 but I haven’t found anything conclusive.

Ludo’.

Subject: bug#36335: Is /dev/kvm missing ACLs?
From: Danny Milosavljevic <dannym@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org, Chris Marusich <cmmarusich@HIDDEN>
Date: Thu, 11 Jul 2019 09:18:07 +0200

auditd can find those acl setters :)

# auditctl -w /dev/kvm -p a -k kvm-acl-setter-foo

Later on:

# ausearch -k kvm-acl-setter-foo
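
One way to triage the `ausearch` output from such a watch, as an added example that is not part of the thread: a `-p a` watch also records chmod and chown, so the parser keeps only successful setxattr-family calls, which is how POSIX ACLs are written. The records are constructed, the process names are hypothetical, and the sample assumes x86_64 syscall numbers and a watch placed on /dev/video0, the device the thread reports as carrying an ACL.

```python
import re
from collections import defaultdict

# x86_64 (arch=c000003e) numbers of the syscalls that write extended
# attributes; POSIX ACLs live in the system.posix_acl_access xattr.
XATTR_SYSCALLS = {"188": "setxattr", "189": "lsetxattr", "190": "fsetxattr"}
XATTR_NAMES = set(XATTR_SYSCALLS.values())
EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample in raw `ausearch -k kvm-acl-setter-foo` format.
# example-daemon is a hypothetical process, not a finding from the thread.
SAMPLE = """\
type=SYSCALL msg=audit(1562829487.101:412): arch=c000003e syscall=188 success=yes exit=0 pid=321 uid=0 comm="example-daemon" exe="/usr/libexec/example-daemon" key="kvm-acl-setter-foo"
type=PATH msg=audit(1562829487.101:412): item=0 name="/dev/video0" nametype=NORMAL
type=SYSCALL msg=audit(1562829490.552:419): arch=c000003e syscall=90 success=yes exit=0 pid=977 uid=0 comm="chmod" exe="/usr/bin/chmod" key="kvm-acl-setter-foo"
type=PATH msg=audit(1562829490.552:419): item=0 name="/dev/video0" nametype=NORMAL
type=SYSCALL msg=audit(1562829495.004:431): arch=c000003e syscall=188 success=no exit=-1 pid=1402 uid=1000 comm="setfacl" exe="/usr/bin/setfacl" key="kvm-acl-setter-foo"
type=PATH msg=audit(1562829495.004:431): item=0 name="/dev/video0" nametype=NORMAL
"""

def acl_setters(log_text, key):
    """Return {path: [(exe, pid, uid), ...]} for successful xattr writes."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        # Records sharing one audit event id belong together; keep the
        # first record of each type (SYSCALL, PATH item=0).
        events[m.group(1)].setdefault(fields.get("type"), fields)
    found = defaultdict(list)
    for ev in events.values():
        sc, path = ev.get("SYSCALL"), ev.get("PATH")
        if not sc or not path or sc.get("key") != key:
            continue
        num = sc["syscall"]  # a number in raw output, a name with `ausearch -i`
        name = XATTR_SYSCALLS.get(num, num) if sc.get("arch") == "c000003e" else num
        if name in XATTR_NAMES and sc.get("success") == "yes":
            found[path["name"]].append((sc["exe"], int(sc["pid"]), int(sc["uid"])))
    return dict(found)

if __name__ == "__main__":
    for dev, who in acl_setters(SAMPLE, "kvm-acl-setter-foo").items():
        print(dev, who)
```

The chmod event and the failed setxattr attempt are both dropped, leaving only the process that actually changed the device's extended attributes.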