Hi, Guix does not seem to have multiseat support. What would it take to add it? Is anyone on the list familiar with how multiseat is achieved in other distros, such as Fedora? Here is an example of a problem that happens because we don't have good multiseat support: When I launch virt-manager via "sudo -E virt-manager", I can connect a USB device from the host to a running VM by clicking on the "Virtual Machine > Redirect USB Device" menu entry. However, if I launch virt-manager normally (as the unprivileged user "marusich") and try this, it fails due to insufficient permissions: spice-client-error-quark: Could not redirect [the device] at [the device's address]: Could not open usb device: Access denied (insufficient permissions) [-3] (0) I can work around the issue without root privileges by giving myself write permission on the device in question. For example: sudo setfacl -m u:marusich:rw /dev/bus/usb/001/007 Alternatively, I could have just changed the file mode or ownership. Here are the file mode, ownership, and ACLs after I did this: [0] marusich@garuda.local:~ $ ls -l /dev/bus/usb/001/007 crw-rw-r--+ 1 root root 189, 6 Oct 19 13:31 /dev/bus/usb/001/007 [0] marusich@garuda.local:~ $ getfacl /dev/bus/usb/001/007 getfacl: Removing leading '/' from absolute path names # file: dev/bus/usb/001/007 # owner: root # group: root user::rw- user:marusich:rw- group::rw- mask::rw- other::r-- My user is in these groups: $ id uid=1000(marusich) gid=998(users) groups=998(users),976(libvirt),977(tor),984(kvm),990(netdev),992(video),999(wheel),30001(plugdev) I would like to be able to attach USB devices to VMs without running virt-manager as root, and without manually granting access to device files. How can we achieve that in Guix? Well, to do that we would need an automatic mechanism which grants appropriate permissions on the relevant device nodes. There are many ways to accomplish that. For example, Fedora automatically detects when a device is connected to a user's seat (I'm not sure if that's the right terminology) and grants them access (via ACLs, I believe). Concretely, Fedora accomplishes this by configuring systemd, udev rules, and perhaps other parts of the system in specific ways. This allows two different users Alice and Bob to have access to their own hardware on their own seats (e.g., in a shared computer lab situation), without allowing Alice to access Bob's hardware on Bob's seat, or vice versa. That's really nice. I'm not very familiar with all the mechanisms, but I think anyone would want the result, which is called "multiseat": https://www.freedesktop.org/wiki/Software/systemd/multiseat/ For now, the immediate, course-grained, automatic solution for my virt-manager problem is: I can add udev rules that will unconditionally set the group of USB device nodes to a special group, maybe named "usb". If I then add my user to the "usb" group, I will have access to all USB devices without any extra effort. However, this solution is too course-grained. Alice and Bob would both need to be in the "usb" group to access their own seat's devices, but Alice will be able to access Bob's devices, and vice versa, which is not good. The multiseat solution seems nicer, but it seems complicated to implement. Since it seems to rely on systemd in some fashion, it may be even more difficult to implement in Guix, as we only use extracted parts of systemd (e.g., elogind). What would it take to add multiseat support in Guix? -- Chris