author | Xi Ruoyao <xry111@xry111.site> | 2023-04-10 16:00:34 +0800 |
---|---|---|
committer | Xi Ruoyao <xry111@xry111.site> | 2023-04-10 16:17:04 +0800 |
commit | dfde6640ebad505e7af7dc204a0e2c16dfddfb1e (patch) | |
tree | db66a4ec7e89fda6a80fbfe23d1b62d6b93d5b2a | |
parent | e9ab2b3af0176fbc460dc6a8ef6746901a954219 (diff) |

systemd: Set /dev/kvm mode to 0660

The default /dev/kvm mode is 0666 and we consider it "not so safe".
Like Tim said: "I'm also authenticating to my system all the time and
don't do a chmod -R 777 / after every boot."

With this option, the /dev/kvm mode is set to 0660 and it's tagged
"uaccess" so systemd-logind will add an ACL entry for users logged-in
locally.

-rw-r--r-- | chapter08/systemd.xml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/chapter08/systemd.xml b/chapter08/systemd.xml index fcac04602..31d89e01a 100644 --- a/chapter08/systemd.xml +++ b/chapter08/systemd.xml @@ -66,6 +66,7 @@ meson --prefix=/usr \ -Dman=false \ -Dmode=release \ -Dpamconfdir=no \ + -Ddev-kvm-mode=0660 \ -Ddocdir=/usr/share/doc/systemd-&systemd-version; \ ..</userinput></screen> @@ -167,6 +168,15 @@ meson --prefix=/usr \ functional on LFS.</para> </listitem> </varlistentry> + + <varlistentry> + <term><parameter>-Ddev-kvm-mode=0660</parameter></term> + <listitem> + <para>The default udev rule would allow all users to access + <filename class='devicefile'>/dev/kvm</filename>. The editors + consider it dangerous. This option overrides it.</para> + </listitem> + </varlistentry> </variablelist> <para>Compile the package:</para> |
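Review bot: The new `<para>` in the second hunk (the `-Ddev-kvm-mode=0660` varlistentry) says the option "overrides" the default rule but does not say who can still open `/dev/kvm` afterwards. The commit message has the missing half: with 0660 the node is tagged "uaccess" and systemd-logind adds an ACL entry for locally logged-in users. I would carry that sentence into the book text so a reader knows that a local desktop user keeps KVM access while users who are not logged in locally lose it. Also consider replacing "The editors consider it dangerous" with the concrete reason, that the default mode is 0666 (world readable and writable), which the commit message states and the paragraph omits.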