Debian Bug report logs - #414331
must not install udev rules files

version graph

Package: kvm; Maintainer for kvm is Michael Tokarev <mjt@tls.msk.ru>; Source for kvm is src:qemu-kvm (PTS, buildd, popcon).

Reported by: Marco d'Itri <md@linux.it>

Date: Sun, 11 Mar 2007 02:51:01 UTC

Severity: normal

Found in version kvm/14-1

Fixed in version kvm/28-2

Done: Baruch Even <baruch@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, md@linux.it, Baruch Even <baruch@debian.org>:
Bug#414331; Package kvm. (full text, mbox, link).


Acknowledgement sent to Marco d'Itri <md@linux.it>:
New Bug report received and forwarded. Copy sent to md@linux.it, Baruch Even <baruch@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Marco d'Itri <md@linux.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: must not install udev rules files
Date: Sun, 11 Mar 2007 03:47:19 +0100
[Message part 1 (text/plain, inline)]
Package: kvm
Version: 14-1
Severity: normal

Looks like you missed the part of README.Debian which says:

  MAINTAINERS BEWARE: the use of /etc/udev/rules.d/ by other packages is
  discouraged, except when only RUN rules are added.
  If you think your package needs to create a file there, then please
  contact the udev package maintainer and explain your needs.

Also, dh_installudev is badly broken and must not be used.

Please remove the file (beware, it's a conffile and needs to be delete
in the maintainer scripts!) and symlink in your next package upload,
I will add /dev/kvm to the next udev upload.

BTW... /dev/qemu has permissions 666, why restrict /dev/kvm to a
specific group?

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Reply sent to Baruch Even <baruch@debian.org>:
You have taken responsibility. (full text, mbox, link).


Notification sent to Marco d'Itri <md@linux.it>:
Bug acknowledged by developer. (full text, mbox, link).


Message #10 received at 414331-close@bugs.debian.org (full text, mbox, reply):

From: Baruch Even <baruch@debian.org>
To: 414331-close@bugs.debian.org
Subject: Bug#414331: fixed in kvm 28-2
Date: Sun, 17 Jun 2007 21:47:02 +0000
Source: kvm
Source-Version: 28-2

We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:

kvm-source_28-2_all.deb
  to pool/main/k/kvm/kvm-source_28-2_all.deb
kvm_28-2.diff.gz
  to pool/main/k/kvm/kvm_28-2.diff.gz
kvm_28-2.dsc
  to pool/main/k/kvm/kvm_28-2.dsc
kvm_28-2_i386.deb
  to pool/main/k/kvm/kvm_28-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 414331@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Baruch Even <baruch@debian.org> (supplier of updated kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 17 Jun 2007 21:13:07 +0100
Source: kvm
Binary: kvm-source kvm
Architecture: source i386 all
Version: 28-2
Distribution: unstable
Urgency: low
Maintainer: Baruch Even <baruch@debian.org>
Changed-By: Baruch Even <baruch@debian.org>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-source - Source for the KVM driver
Closes: 414331 417151 417652
Changes: 
 kvm (28-2) unstable; urgency=low
 .
   * We moved a file from kvm-source to kvm, to be able to properly upgrade we
     specify a conflict against older versions (Closes: #417652)
   * Fix kvm-ifup script to work in more conditions (Closes: #417151)
   * Remove old /etc/udev/kvm.rules since it's not needed (Closes: #414331)
Files: 
 7847a24753bd13077e17e604719f650b 839 misc optional kvm_28-2.dsc
 81b5e3b9e5180cf413e98016c11bf1a1 35221 misc optional kvm_28-2.diff.gz
 66f934d4f35d86db771a66a0c6f4e16c 93076 misc optional kvm-source_28-2_all.deb
 079aa0ce1de09e1c1b6c501ea1d613a2 505922 misc optional kvm_28-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGdadcHCar6qtHRZgRAq6LAJ4335XtYDUjT+u2tiEpbu3P2K/jTwCeNYgv
0A57D3xUz9qZi1K4vHvCpdg=
=aogw
-----END PGP SIGNATURE-----




Message sent on to Marco d'Itri <md@linux.it>:
Bug#414331. (full text, mbox, link).


Message #13 received at 414331-submitter@bugs.debian.org (full text, mbox, reply):

From: Baruch Even <baruch@ev-en.org>
To: 414331-submitter@bugs.debian.org
Subject: udev and permissions for kvm
Date: Sun, 17 Jun 2007 19:49:18 +0100
Hi,

Sorry for taking so long to get to the issue.

I've removed the udev files from the kvm package in 18-1 but didn't 
remove the files in the maintainer scripts, are there any guidelines how 
to do it safely?

Regarding your question about the permissions, I actually have no idea 
why we chose to use group kvm to limit access to kvm. I've now asked on 
kvm-devel what other distributions do and what others think about this. 
I myself tend towards the kqemu method to make it simple assuming that 
the kvm module takes care of its own security issues internally.

Baruch



Message sent on to Marco d'Itri <md@linux.it>:
Bug#414331. (full text, mbox, link).


Message #16 received at 414331-submitter@bugs.debian.org (full text, mbox, reply):

From: Baruch Even <baruch@ev-en.org>
To: 414331-submitter@bugs.debian.org
Subject: kvm permissions
Date: Sun, 17 Jun 2007 20:20:46 +0100
According to Avi Kivity, the kvm upstream, the recommendation is for the 
permissions to be as they are now, a kvm group with 0660 access. The 
reason is that kvm locks a lot of kernel memory thus letting users free 
reign can let a rogue user lock up all the kernel memory.

Due to this I will keep the current permissions as they are.

I'll still need your response regarding the old udev files before I can 
close the bug.

Cheers,
Baruch



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 17 Jul 2007 07:27:35 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jan 6 02:04:06 2018; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.