GNU logs - #36335, boring messages

Message sent to bug-guix@HIDDEN:

Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Chris Marusich <cmmarusich@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 23 Jun 2019 04:21:02 +0000
Resent-Message-ID: <handler.36335.B.156126361129770 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
To: 36335 <at> debbugs.gnu.org
From: Chris Marusich <cmmarusich@HIDDEN>
Date: Sat, 22 Jun 2019 21:20:03 -0700
Message-ID: <87sgs1c4r0.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Precedence: list
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi,

I was trying to run some VMs via "guix system vm", and I noticed that
I didn't have permission to use KVM.  This issue can be worked around by
running qemu as root, or by adding yourself to the "kvm" group.
However, I found it curious that the /dev/kvm device didn't have ACLs
granting me access:

=2D-8<---------------cut here---------------start------------->8---
$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
group::rw-
other::---
=2D-8<---------------cut here---------------end--------------->8---

Is it expected that on Guix System, /dev/kvm does not by default receive
ACLs granting me access?  I'm logged into a GNOME session via GDM, and I
was under the impression that logind or udevd would automatically set up
ACLs for me to access local devices, such as /dev/kvm and /dev/sr0, in
this case.

Note that I DO have ACLs for some other devices, such as video0:

=2D-8<---------------cut here---------------start------------->8---
$ getfacl /dev/video0
getfacl: Removing leading '/' from absolute path names
# file: dev/video0
# owner: root
# group: video
user::rw-
user:marusich:rw-
group::rw-
mask::rw-
other::---
=2D-8<---------------cut here---------------end--------------->8---

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl0O/fMACgkQ3UCaFdgi
Rp3oTw//c+BeaSCb0JZaRk5Bj80bswCV9Wll9cOLAymneGeZ8RB73JquD/aMtFWN
9sdueKSK9X7HOy/v247PNzBwZ8K8axOFFgCd1jsI9LVgUNT4xdCsZgGDYoEYjbbQ
oGWmr4hY/L3i3aVlVl2QLxBTd+af3HnVm1xSYWWAfxBcdprf7gn+a9lJ40jbP4XE
CT4n920J9C17aLnPBrx34RHcLFZXsoEt9JLixQopmgV8l3uD1NlCbG9p9cVJeG17
mk1RraAZZaGe0jb433QcZrrdwKkbk7OrQmS1LxqnMau2Q4seLbew1BDwtpB3LAjo
jQ9SA24sXTjqtV/2zxpiRfA0dgWNxAzXCVYJLKRiHfyhDg56VUcSN86qdrVMVgm4
sMSO8hYazshjQZ6Lou76OuQNnRDKn/wRK4u24kBqurvlV+CvGlhwsdBLn+JGhArV
O6v4omOwESUaTnHXJbjnbqE2wDqHgXxQ9KEsEyNVhMs6w87upLj9cx/npvHv+9Z0
LFOzlS7TedfaKrQ9VglJIVnRIAl19/ImMZl3GXv4nEwISlTpViczQsl3FcSM+1jJ
2JmIrH4f/jEKWiAPnth0XjG/A7qDQdn2MbUOpbsIUzPr1CZAMzA8h5v/SVSoIrJ7
EG4iHbFHfLQZnsGeH4+swKNT4d5X8i0o2Gr+2CCrrDge3I+aw1Y=
=I5Ij
-----END PGP SIGNATURE-----
--=-=-=--

Message sent:

Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Chris Marusich <cmmarusich@HIDDEN>
Subject: bug#36335: Acknowledgement (Is /dev/kvm missing ACLs?)
Message-ID: <handler.36335.B.156126361129770.ack <at> debbugs.gnu.org>
References: <87sgs1c4r0.fsf@HIDDEN>
X-Gnu-PR-Message: ack 36335
X-Gnu-PR-Package: guix
Reply-To: 36335 <at> debbugs.gnu.org
Date: Sun, 23 Jun 2019 04:21:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 36335 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
36335: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D36335
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems

Message sent to bug-guix@HIDDEN:

Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 24 Jun 2019 19:56:01 +0000
Resent-Message-ID: <handler.36335.B36335.156140610526589 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN>
Date: Mon, 24 Jun 2019 21:54:54 +0200
In-Reply-To: <87sgs1c4r0.fsf@HIDDEN> (Chris Marusich's message of "Sat, 22
 Jun 2019 21:20:03 -0700")
Message-ID: <87v9wu4v3l.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Precedence: list
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

Hi Chris,

Chris Marusich <cmmarusich@HIDDEN> skribis:

> I was trying to run some VMs via "guix system vm", and I noticed that
> I didn't have permission to use KVM.  This issue can be worked around by
> running qemu as root, or by adding yourself to the "kvm" group.
> However, I found it curious that the /dev/kvm device didn't have ACLs
> granting me access:
>
> $ getfacl /dev/kvm
> getfacl: Removing leading '/' from absolute path names
> # file: dev/kvm
> # owner: root
> # group: kvm
> user::rw-
> group::rw-
> other::---
>
>
> Is it expected that on Guix System, /dev/kvm does not by default receive
> ACLs granting me access?

Guix System doesn=E2=80=99t use ACLs at all.

However, the udev rule for kvm sets it up like this:

  crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm

and the build users are part of the =E2=80=98kvm=E2=80=99 group.  I persona=
lly arrange
to have my user account in that group too.

Thanks,
Ludo=E2=80=99.

Message sent to bug-guix@HIDDEN:

Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Chris Marusich <cmmarusich@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 27 Jun 2019 06:33:01 +0000
Resent-Message-ID: <handler.36335.B36335.15616171681942 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org
From: Chris Marusich <cmmarusich@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN>
Date: Wed, 26 Jun 2019 23:32:37 -0700
In-Reply-To: <87v9wu4v3l.fsf@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Mon, 24 Jun 2019 21:54:54 +0200")
Message-ID: <87d0izlere.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Precedence: list
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Ludo,

Ludovic Court=C3=A8s <ludo@HIDDEN> writes:

> Guix System doesn=E2=80=99t use ACLs at all.
>
> However, the udev rule for kvm sets it up like this:
>
>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>
> and the build users are part of the =E2=80=98kvm=E2=80=99 group.  I perso=
nally arrange
> to have my user account in that group too.

It's good to know that the "kvm" group is the right way to grant
permissions.  However, if Guix System doesn't use ACLs, then why do some
of my device files have ACLs on them, such as the video device file?

=2D-8<---------------cut here---------------start------------->8---
$ getfacl /dev/video0=20
getfacl: Removing leading '/' from absolute path names
# file: dev/video0
# owner: root
# group: video
user::rw-
user:marusich:rw-
group::rw-
mask::rw-
other::---
=2D-8<---------------cut here---------------end--------------->8---

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl0UYwYACgkQ3UCaFdgi
Rp1dfxAAsK8bU+YALhclhjKNCJ6RiYbNK4PEMwnxtzpakqLyPAFc6y8fB3hpUge8
S+Pbgiz4LuSBY4iJQ/ZPSRHtyS4BtlmxLOEBe2opf7acXhXup1CelMk/RSHysIT6
sotZu1DhGJZliFsG8ksCjpJi17UCleBDNpIOOudzVZ5qf9oykuhIUh+4n05j8pX0
JXY+R5rfeaTPYBuqP1M4y0byk5ugwmIghh9Zbmq8hOOVg8Nbzj7hwD3CTtO8a3PJ
IhHvN0H7xXJIgzQtgJIkd1zG7mGXWwKdsZLgeDrEvOmWdEHac5+c2qxcnjRWViGM
GZsUWSYa+jlUXQLlM9JgtVpLXIZSK6DwdyK21J4gH5eYka8MRvBcRotk1lctqNGo
zemqvnFykt1Z4gzkZ3R3sSzRvHQG0rqyo7HtAxg7awoEt13YTV8aFoEBwJaIT1z+
ySFiSO449MMn81M3U4atJm6cVzGhtSSyQoiV+PcBXOmJmcZZ6gfm+oFheI6l54nZ
g/vdgftSNLeljwRT1jAlXkHHnzgxKBxTv3N4kvOtcPyuZUU2m6JwOiibhBVN0tCs
uWayKqXrZ+5mzotg+zf+fjNaP64OKu65saEYDhZv+mM5eRGrZMK/lzA8s68awM9e
Kh8DXB2jJJWQW8UhIpOjBhzDDvxLzlHPUk6M3E4E065V3Ht02Xg=
=LLpi
-----END PGP SIGNATURE-----
--=-=-=--

Message sent to bug-guix@HIDDEN:

X-Loop: help-debbugs@HIDDEN
Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 27 Jun 2019 13:46:02 +0000
Resent-Message-ID: <handler.36335.B36335.15616431443370 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 36335
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org
Received: via spool by 36335-submit <at> debbugs.gnu.org id=B36335.15616431443370
          (code B ref 36335); Thu, 27 Jun 2019 13:46:02 +0000
Received: (at 36335) by debbugs.gnu.org; 27 Jun 2019 13:45:44 +0000
Received: from localhost ([127.0.0.1]:37684 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hgUie-0000sI-D2
	for submit <at> debbugs.gnu.org; Thu, 27 Jun 2019 09:45:44 -0400
Received: from eggs.gnu.org ([209.51.188.92]:32798)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1hgUib-0000s4-Nb
 for 36335 <at> debbugs.gnu.org; Thu, 27 Jun 2019 09:45:42 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:50550)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1hgUiW-00005m-H6; Thu, 27 Jun 2019 09:45:36 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=45348 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1hgUiV-00022A-Kl; Thu, 27 Jun 2019 09:45:36 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN>
 <87d0izlere.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 9 Messidor an 227 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 27 Jun 2019 15:45:33 +0200
In-Reply-To: <87d0izlere.fsf@HIDDEN> (Chris Marusich's message of "Wed, 26
 Jun 2019 23:32:37 -0700")
Message-ID: <87sgrv16rm.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Chris,

Chris Marusich <cmmarusich@HIDDEN> skribis:

> Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
>
>> Guix System doesn=E2=80=99t use ACLs at all.
>>
>> However, the udev rule for kvm sets it up like this:
>>
>>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>
>> and the build users are part of the =E2=80=98kvm=E2=80=99 group.  I pers=
onally arrange
>> to have my user account in that group too.
>
> It's good to know that the "kvm" group is the right way to grant
> permissions.  However, if Guix System doesn't use ACLs, then why do some
> of my device files have ACLs on them, such as the video device file?
>
> $ getfacl /dev/video0=20
> getfacl: Removing leading '/' from absolute path names
> # file: dev/video0
> # owner: root
> # group: video
> user::rw-
> user:marusich:rw-
> group::rw-
> mask::rw-
> other::---

Good question, I see the same thing here.

I suspected a udev rule but =E2=80=98grep=E2=80=99 didn=E2=80=99t find any =
that explicitly does
that, and there=E2=80=99s no code in eudev that fiddles with ACLs either, a=
nd
nothing obvious in devtmpfs.c in Linux.  So=E2=80=A6 it=E2=80=99s a mystery.

Ludo=E2=80=99.

Message sent to bug-guix@HIDDEN:

X-Loop: help-debbugs@HIDDEN
Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Danny Milosavljevic <dannym@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 01 Jul 2019 08:42:01 +0000
Resent-Message-ID: <handler.36335.B36335.156197048614459 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 36335
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org, Chris Marusich <cmmarusich@HIDDEN>
Received: via spool by 36335-submit <at> debbugs.gnu.org id=B36335.156197048614459
          (code B ref 36335); Mon, 01 Jul 2019 08:42:01 +0000
Received: (at 36335) by debbugs.gnu.org; 1 Jul 2019 08:41:26 +0000
Received: from localhost ([127.0.0.1]:47662 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hhrsM-0003l9-I9
	for submit <at> debbugs.gnu.org; Mon, 01 Jul 2019 04:41:26 -0400
Received: from dd26836.kasserver.com ([85.13.145.193]:48204)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dannym@HIDDEN>) id 1hhrsK-0003l0-JR
 for 36335 <at> debbugs.gnu.org; Mon, 01 Jul 2019 04:41:25 -0400
Received: from localhost (unknown [185.17.13.127])
 by dd26836.kasserver.com (Postfix) with ESMTPSA id 2363F33675E6;
 Mon,  1 Jul 2019 10:41:23 +0200 (CEST)
Date: Mon, 1 Jul 2019 10:41:14 +0200
From: Danny Milosavljevic <dannym@HIDDEN>
Message-ID: <20190701104114.0d0aca46@HIDDEN>
In-Reply-To: <87sgrv16rm.fsf@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN>
 <87d0izlere.fsf@HIDDEN> <87sgrv16rm.fsf@HIDDEN>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 boundary="Sig_/5LvMGATds7=.rj=6uU6k2zk"; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--Sig_/5LvMGATds7=.rj=6uU6k2zk
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On Thu, 27 Jun 2019 15:45:33 +0200
Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:

> I suspected a udev rule but =E2=80=98grep=E2=80=99 didn=E2=80=99t find an=
y that explicitly does
> that, and there=E2=80=99s no code in eudev that fiddles with ACLs either,=
 and
> nothing obvious in devtmpfs.c in Linux.  So=E2=80=A6 it=E2=80=99s a myste=
ry.

Might be elogind.  It sets some ACLs on login.


--Sig_/5LvMGATds7=.rj=6uU6k2zk
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl0ZxyoACgkQ5xo1VCww
uqUNMQf5AUKYuUZigE1cx2lJR6Zc7kaSqXmrKmdrcObWh0ekKECd5x6805XbkSMQ
+jczH1z5SfbvamIGRUHV9/zPkkxjmqMQujrKiQskx4SF95J7/0Z9WtGDvEhMU0RA
tZte6SzpO+mU6uZI2zIl0o/CTh6Zv3xzwWLqF+L99xWza9NRxoa3f2NZeoHCMFU6
nFeAP5LJ2dbBemo+MTZoI2LvE9cnd595QjU0k/QMwS7DLyvyQ1gKnToPQR5gyoWh
buDQ5lzWfDY/c2aDFNTjTTrssNw8xSbQIT/QZg+WDaKrWeF2bwqHHNEckp9l6hai
8K/bfmDKHal1LNwHbZ/IHHT6EH62Zg==
=wTZy
-----END PGP SIGNATURE-----

--Sig_/5LvMGATds7=.rj=6uU6k2zk--

Message sent to bug-guix@HIDDEN:

X-Loop: help-debbugs@HIDDEN
Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Chris Marusich <cmmarusich@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 10 Jul 2019 06:24:02 +0000
Resent-Message-ID: <handler.36335.B36335.15627398215980 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 36335
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: Danny Milosavljevic <dannym@HIDDEN>, 36335 <at> debbugs.gnu.org
Received: via spool by 36335-submit <at> debbugs.gnu.org id=B36335.15627398215980
          (code B ref 36335); Wed, 10 Jul 2019 06:24:02 +0000
Received: (at 36335) by debbugs.gnu.org; 10 Jul 2019 06:23:41 +0000
Received: from localhost ([127.0.0.1]:34755 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hl60y-0001YO-Ks
	for submit <at> debbugs.gnu.org; Wed, 10 Jul 2019 02:23:40 -0400
Received: from mail-pg1-f182.google.com ([209.85.215.182]:34963)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <cmmarusich@HIDDEN>) id 1hl60v-0001Y9-UF
 for 36335 <at> debbugs.gnu.org; Wed, 10 Jul 2019 02:23:39 -0400
Received: by mail-pg1-f182.google.com with SMTP id s27so710502pgl.2
 for <36335 <at> debbugs.gnu.org>; Tue, 09 Jul 2019 23:23:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=nRX77cVHeJ0RhJGjyTJZxxWkKYIzUlfWbH5zlMTtW7Q=;
 b=NM6rYJYaIrpCc+cWheI5+gCFDdE+qr62aQzZ48b3SG+Q20PPkbxfBLGqbOY5b/U4RS
 BSmRA2qL+XE9cMb8kFq46u0P5wyXbWu/uHqQKfXTDL3ZxHypQFepTowdvwsqaKB+7ZtK
 mDULnNNqUoDa3vC3a3iYQ5vLZvVAyHc+b/KLN7Y1cTu5PL+5WCRY/3LKDqqnwLWOeJz0
 95NHjIgiDZ1A2Uasskd2pFA8RKMz8fnzsEzUdkaQIjOngiWaZn4mlLyCKfPGlXxEQhdz
 OANwSZYtAZwnaWjq4pXQq9S7t4Dl52RJLsw8c7L2RkpxrdEfaTX7/s+pqAKYY1H2OS4l
 adjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=nRX77cVHeJ0RhJGjyTJZxxWkKYIzUlfWbH5zlMTtW7Q=;
 b=RD0dIHjAaa8a36I84XiMTG7bXYX1GMUo/2LjnkBYZHHUr4eQaeO4ZHouYFlG5xNXhU
 KuM4mc5e4B3lCZRD1iXO3DdcEY34XKquC/CKe94S+ReRpF0srMoNhwBYJlVu99I+Nond
 aYiLjWqtGsVTpOE4zhXnv1qjX7+lrMsp7mZ3x5ROd3yifIrzTAOsz2/wSJGNhXizoyq7
 0mcj0Y0qIgTUHEpvsf4ShrHRPw2vKg+kTQEExzgtZzARh5P5xD+9UmSkjAbVYSaoCRN6
 v/XKH68amNGRKqZVDuJienVrspnlic9GMZocOpxXDjBt1sg068nbNNsLeyWvpWI+BNNE
 O29g==
X-Gm-Message-State: APjAAAUhhJSqdJ9LIHJwdq1XygcKUPRBT8sxn15WqzfaAIQkPYJ1++7b
 mjOtWH3FjRLrUVX2Gcb2lU5uMGvQ
X-Google-Smtp-Source: APXvYqyPfhl+KB1fwZaslkPZWDllSYh/QFYwUSZwRtwkxTPEztr8yopO2CAISN9k3GSvQ5f3Gu688A==
X-Received: by 2002:a63:fd0d:: with SMTP id d13mr36235557pgh.423.1562739811357; 
 Tue, 09 Jul 2019 23:23:31 -0700 (PDT)
Received: from garuda.local ([2601:601:9d80:25b2::d12])
 by smtp.gmail.com with ESMTPSA id s193sm2064275pgc.32.2019.07.09.23.23.29
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 09 Jul 2019 23:23:30 -0700 (PDT)
From: Chris Marusich <cmmarusich@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN>
 <87d0izlere.fsf@HIDDEN> <87sgs1c4r0.fsf@HIDDEN>
 <87v9wu4v3l.fsf@HIDDEN> <87d0izlere.fsf@HIDDEN>
 <87sgrv16rm.fsf@HIDDEN> <87sgrv16rm.fsf@HIDDEN>
Date: Tue, 09 Jul 2019 23:23:28 -0700
In-Reply-To: <87sgrv16rm.fsf@HIDDEN> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Thu, 27
 Jun 2019 15:45:33 +0200, Mon, 1 Jul 2019 10:41:14 +0200")
Message-ID: <87lfx6l867.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Ludovic =?UTF-8?Q?Court=C3=A8s?= writes: > Hi Chris, > > Chris Marusich skribis:
    > >> Ludovic =?UTF-8?Q?Court=C3=A8s?= writes: >> >>> Guix System =?UTF-8?Q?doesn=E2=80=99t?= use ACLs at all.
    >>> >>> However, the udev rule for kvm sets it up like this: >>> >>> crw-rw----
    [...] 
 
 Content analysis details:   (1.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: scratchpost.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (cmmarusich[at]gmail.com)
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [209.85.215.182 listed in list.dnswl.org]
  1.3 PDS_NO_HELO_DNS        High profile HELO but no A record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s <ludo@HIDDEN> writes:

> Hi Chris,
>
> Chris Marusich <cmmarusich@HIDDEN> skribis:
>
>> Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
>>
>>> Guix System doesn=E2=80=99t use ACLs at all.
>>>
>>> However, the udev rule for kvm sets it up like this:
>>>
>>>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>>
>>> and the build users are part of the =E2=80=98kvm=E2=80=99 group.  I per=
sonally arrange
>>> to have my user account in that group too.
>>
>> It's good to know that the "kvm" group is the right way to grant
>> permissions.  However, if Guix System doesn't use ACLs, then why do some
>> of my device files have ACLs on them, such as the video device file?
>>
>> $ getfacl /dev/video0=20
>> getfacl: Removing leading '/' from absolute path names
>> # file: dev/video0
>> # owner: root
>> # group: video
>> user::rw-
>> user:marusich:rw-
>> group::rw-
>> mask::rw-
>> other::---
>
> Good question, I see the same thing here.
>
> I suspected a udev rule but =E2=80=98grep=E2=80=99 didn=E2=80=99t find an=
y that explicitly does
> that, and there=E2=80=99s no code in eudev that fiddles with ACLs either,=
 and
> nothing obvious in devtmpfs.c in Linux.  So=E2=80=A6 it=E2=80=99s a myste=
ry.
>
> Ludo=E2=80=99.

Danny Milosavljevic <dannym@HIDDEN> writes:

> On Thu, 27 Jun 2019 15:45:33 +0200
> Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:
>
>> I suspected a udev rule but =E2=80=98grep=E2=80=99 didn=E2=80=99t find a=
ny that explicitly does
>> that, and there=E2=80=99s no code in eudev that fiddles with ACLs either=
, and
>> nothing obvious in devtmpfs.c in Linux.  So=E2=80=A6 it=E2=80=99s a myst=
ery.
>
> Might be elogind.  It sets some ACLs on login.

Might be.

I am content knowing that on Guix System, the intended way to control
access to /dev/kvm is by using the "kvm" group.  However, it still
smells like we may have an ACL-related bug: It seems to be unexpected
that ACLs are getting set for some devices (e.g., /dev/video0), but not
for others (e.g., /dev/kvm).

What do you think?

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl0lhGAACgkQ3UCaFdgi
Rp3zIhAAg6dbHuIm1A6R2ExdkV4HFoKp3RWx7hwns8uNTwYQAMhd4myUpqPd1ArL
mDcF6r1sRHXJGH1O1RyBQTybOmkTXDo6Xu9d7793SDkNH0IkdtDi6lG8FFTKa5Vb
+BUwLI/Ec0PKw64XM1d3IxKM7TTnOmR6GyPadSx1ymjHQI39dnl8YBsg+9iQHRqx
llD9Tyt4gxcDEHvxEBlqOYyqFxSCMlnWEQKnm5yXwr81HeLm1v4QySr9CTWy2ML6
KN12G6FuI7d7ORa4J7IXN9hlwvZig7yLOAbFuxKYeSuGzZbrHRlKffmecFekduvC
PlHUx9MvuHoeAGvPgKF+blDDjV2odL6gtAMjeAbwJ2Hl4q/NELgZhhJ2rTVFTBIV
F0aU/oTl7DKHjfWXwdcyQdlfg/d2R8xGSdlJyoPvgUWq8U/PnL39xQ3IDw8vkLum
BLshfhzPmHKFlOmfaLlWv8Sz4j+WiJrJPZ0Yvk24ZEUjofYMEHIVq0ftL9y0boe3
c6tNIHZyAbhQm1oa0gLj/tHmo8752QDY64p64Fr3tRX/NAIGmkcpG9fas4ypniog
MS+kwbL6eo7rB+FaH3lS4/IIs/r6ybgWDUcPnpkhqLJJikKZScwgfm8d3rcH0E01
oSZpzHKzFLQgGqIOdogK8rYyieFwUBjtBpuDGfRnuq7v8Y2hI0M=
=etO6
-----END PGP SIGNATURE-----
--=-=-=--

Message sent to bug-guix@HIDDEN:

X-Loop: help-debbugs@HIDDEN
Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 10 Jul 2019 17:11:02 +0000
Resent-Message-ID: <handler.36335.B36335.15627786224323 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 36335
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: Danny Milosavljevic <dannym@HIDDEN>, 36335 <at> debbugs.gnu.org
Received: via spool by 36335-submit <at> debbugs.gnu.org id=B36335.15627786224323
          (code B ref 36335); Wed, 10 Jul 2019 17:11:02 +0000
Received: (at 36335) by debbugs.gnu.org; 10 Jul 2019 17:10:22 +0000
Received: from localhost ([127.0.0.1]:36517 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hlG6n-00017d-1V
	for submit <at> debbugs.gnu.org; Wed, 10 Jul 2019 13:10:22 -0400
Received: from eggs.gnu.org ([209.51.188.92]:60263)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1hlG6l-00017Q-CK
 for 36335 <at> debbugs.gnu.org; Wed, 10 Jul 2019 13:10:19 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:47949)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1hlG6f-0007rb-RK; Wed, 10 Jul 2019 13:10:13 -0400
Received: from [81.18.188.212] (port=57586 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1hlG6b-0005EU-MZ; Wed, 10 Jul 2019 13:10:13 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN>
 <87d0izlere.fsf@HIDDEN> <87sgs1c4r0.fsf@HIDDEN>
 <87v9wu4v3l.fsf@HIDDEN> <87d0izlere.fsf@HIDDEN>
 <87sgrv16rm.fsf@HIDDEN> <87sgrv16rm.fsf@HIDDEN>
 <87lfx6l867.fsf_-_@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 22 Messidor an 227 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Wed, 10 Jul 2019 19:10:02 +0200
In-Reply-To: <87lfx6l867.fsf_-_@HIDDEN> (Chris Marusich's message of "Tue, 
 09 Jul 2019 23:23:28 -0700")
Message-ID: <87o921zuhh.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Chris Marusich <cmmarusich@HIDDEN> skribis:

> I am content knowing that on Guix System, the intended way to control
> access to /dev/kvm is by using the "kvm" group.  However, it still
> smells like we may have an ACL-related bug: It seems to be unexpected
> that ACLs are getting set for some devices (e.g., /dev/video0), but not
> for others (e.g., /dev/kvm).
>
> What do you think?

I agree.  I=E2=80=99d like to have a definite answer as to where these come
from; elogind was suspect #1 but I haven=E2=80=99t found anything conclusiv=
e.

Ludo=E2=80=99.

Message sent to bug-guix@HIDDEN:

X-Loop: help-debbugs@HIDDEN
Subject: bug#36335: Is /dev/kvm missing ACLs?
Resent-From: Danny Milosavljevic <dannym@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 11 Jul 2019 07:19:01 +0000
Resent-Message-ID: <handler.36335.B36335.15628294968151 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 36335
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: 36335 <at> debbugs.gnu.org, Chris Marusich <cmmarusich@HIDDEN>
Received: via spool by 36335-submit <at> debbugs.gnu.org id=B36335.15628294968151
          (code B ref 36335); Thu, 11 Jul 2019 07:19:01 +0000
Received: (at 36335) by debbugs.gnu.org; 11 Jul 2019 07:18:16 +0000
Received: from localhost ([127.0.0.1]:36984 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hlTLM-00027P-EJ
	for submit <at> debbugs.gnu.org; Thu, 11 Jul 2019 03:18:16 -0400
Received: from dd26836.kasserver.com ([85.13.145.193]:56786)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dannym@HIDDEN>) id 1hlTLK-00027H-QW
 for 36335 <at> debbugs.gnu.org; Thu, 11 Jul 2019 03:18:15 -0400
Received: from localhost (77.116.204.226.wireless.dyn.drei.com
 [77.116.204.226])
 by dd26836.kasserver.com (Postfix) with ESMTPSA id 39AA9336181B;
 Thu, 11 Jul 2019 09:18:11 +0200 (CEST)
Date: Thu, 11 Jul 2019 09:18:07 +0200
From: Danny Milosavljevic <dannym@HIDDEN>
Message-ID: <20190711091807.679799f6@HIDDEN>
In-Reply-To: <87o921zuhh.fsf@HIDDEN>
References: <87sgs1c4r0.fsf@HIDDEN> <87v9wu4v3l.fsf@HIDDEN>
 <87d0izlere.fsf@HIDDEN> <87sgs1c4r0.fsf@HIDDEN>
 <87v9wu4v3l.fsf@HIDDEN> <87d0izlere.fsf@HIDDEN>
 <87sgrv16rm.fsf@HIDDEN> <87sgrv16rm.fsf@HIDDEN>
 <87lfx6l867.fsf_-_@HIDDEN> <87o921zuhh.fsf@HIDDEN>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 boundary="Sig_/v=t9PLxEDbvxY.HcQHvhMLm"; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--Sig_/v=t9PLxEDbvxY.HcQHvhMLm
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

auditd can find those acl setters :)

# auditctl -w /dev/kvm -p a -k kvm-acl-setter-foo

Later on:

# ausearch -k kvm-acl-setter-foo

--Sig_/v=t9PLxEDbvxY.HcQHvhMLm
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl0m4q8ACgkQ5xo1VCww
uqWNTQf/TOsdDmK9XFT7iDP+MUNQzIYwFOGHl/uhzg+Wc9qpzz2E2tI5SPutunuJ
dUlzVih5XbzqsHKSexDGnAOidAmINpWcmZ7w+r7WVH0kZrl6QV9iF6D/GYsk6jmZ
4tjvaWTsZX/wmfvwRPxiKfVeXV221aIuG4Y2fPY8/SjQZqfrFR6mxEQhJ49TpNZS
Nl7xVbH85s79ge+fS4j0Y3r0prP7tDtF/URkeUtJEr4GbMMXUlsHeiETXrJqGWFR
TX1knyrZsN3dYEUXZWFVKVvI6rqrpEFqrrEEjTG9yjOCaFBZQosw9KxHr3UdPAID
0ZxGnWN1yVSodsAremXc3RQFb7tS9A==
=g4wp
-----END PGP SIGNATURE-----

--Sig_/v=t9PLxEDbvxY.HcQHvhMLm--

Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.