From c78939d5652aaee2731956282c1c17aa9f7f710f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 12 Jan 2021 16:03:37 +0400
Subject: [PATCH] udev: allow kvm group to access vhost-vsock device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

/dev/vhost-vsock allows to setup a guest CID and running
state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)

All this should be legitimate and safe for KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 rules.d/50-udev-default.rules.in            | 1 +
 tmpfiles.d/static-nodes-permissions.conf.in | 1 +
 2 files changed, 2 insertions(+)

diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
index 6688b840d6..0cc70b1bd0 100644
--- a/rules.d/50-udev-default.rules.in
+++ b/rules.d/50-udev-default.rules.in
@@ -86,6 +86,7 @@ KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
 KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
 
 KERNEL=="vsock", MODE="0666"
+KERNEL=="vhost-vsock", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=vhost-vsock"
 
 KERNEL=="udmabuf", GROUP="kvm"
 
diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in
index 50cffe2cd9..923ce7d93e 100644
--- a/tmpfiles.d/static-nodes-permissions.conf.in
+++ b/tmpfiles.d/static-nodes-permissions.conf.in
@@ -15,3 +15,4 @@ z /dev/loop-control 0660 - disk  -
 z /dev/net/tun      0666 - -     -
 z /dev/fuse         0666 - -     -
 z /dev/kvm          @DEV_KVM_MODE@ - kvm -
+z /dev/vhost-vsock  @DEV_KVM_MODE@ - kvm -