diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b38d3e3765..3bb4f9721b 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -418,7 +418,7 @@ starting at FIRST-UID, and under GID."
 ;; guix-daemon expects GROUP to be listed as a
 ;; supplementary group too:
 ;; .
- (supplementary-groups (list group))
+ (supplementary-groups (list group "kvm"))
 (comment (format #f "Guix Build User ~2d" n))
 (home-directory "/var/empty")
@@ -526,10 +526,31 @@ item of @var{packages}."
 (guix build utils))
 #:local-build? #t))
+(define* (kvm-udev-rule)
+ "Return a directory with a udev rule that changes the group of
+@file{/dev/kvm} to \"kvm\" and makes it #o660."
+ ;; Apparently QEMU-KVM used to ship this rule, but now we have to add it by
+ ;; ourselves.
+ (gexp->derivation "kvm-udev-rules"
+ #~(begin
+ (use-modules (guix build utils))
+
+ (define rules.d
+ (string-append #$output "/lib/udev/rules.d"))
+
+ (mkdir-p rules.d)
+ (call-with-output-file
+ (string-append rules.d "/90-kvm.rules")
+ (lambda (port)
+ (display "\
+KERNEL==\"kvm\", GROUP=\"kvm\", MODE=\"0660\"\n" port))))
+ #:modules '((guix build utils))))
+
 (define* (udev-service #:key (udev eudev) (rules '()))
 "Run @var{udev}, which populates the @file{/dev} directory dynamically. Get extra rules from the packages listed in @var{rules}."
- (mlet* %store-monad ((rules (udev-rules-union (cons udev rules)))
+ (mlet* %store-monad ((kvm (kvm-udev-rule))
+ (rules (udev-rules-union (cons* udev kvm rules)))
 (udev.conf (text-file* "udev.conf" "udev_rules=\"" rules "/lib/udev/rules.d\"\n")))
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 3549eefc0c..6970021e1f 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
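Review bot: In the first hunk of gnu/services/base.scm, `(supplementary-groups (list group "kvm"))` makes every build user a member of "kvm" unconditionally, so the accounts that run build code are granted group access to /dev/kvm on any machine that has it, and the account definition now depends on a group named "kvm" being declared. The comment above the field still explains only why GROUP is listed; I would add a line such as `;; "kvm" lets builds use /dev/kvm; the group is declared in gnu/system/shadow.scm.` so the reason and the dependency are recorded where the membership is granted. If a system is configured with a group list that omits "kvm", this field would presumably refer to a missing group, which is worth checking. The enclosing procedure starts and ends outside the hunk.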
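Review bot: In the second hunk of gnu/services/base.scm, `udev-service` now prepends the kvm rule for every caller through `(cons* udev kvm rules)`, so a caller can neither leave it out nor replace it, while the docstring still says extra rules come only from RULES. I would say so in the docstring, e.g. `Get extra rules from the packages listed in @var{rules}, in addition to a built-in rule for @file{/dev/kvm}.` The rule text names `GROUP=\"kvm\"` as a literal, so it relies on the group added in gnu/system/shadow.scm existing on the running system; a one-line comment in `kvm-udev-rule` stating that dependency would help, since nothing here shows what happens when the group cannot be resolved. As a point of style, `kvm-udev-rule` takes no optional or keyword arguments, so plain `define` would do in place of `define*`.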
@@ -103,7 +103,8 @@
 (system-group (name "disk"))
 (system-group (name "floppy"))
 (system-group (name "cdrom"))
- (system-group (name "tape")))))
+ (system-group (name "tape"))
+ (system-group (name "kvm"))))) ; for /dev/kvm
 (define (default-skeletons)
 "Return the default skeleton files for /etc/skel. These files are copied by