From: Chris Marusich
Subject: Multiseat in Guix
Date: Sat, 19 Oct 2019 14:01:50 -0700
To: guix-devel@gnu.org

Hi,

Guix does not seem to have multiseat support. What would it take to add it? Is anyone on the list familiar with how multiseat is achieved in other distros, such as Fedora?
Here is an example of a problem that happens because we don't have good multiseat support: When I launch virt-manager via "sudo -E virt-manager", I can connect a USB device from the host to a running VM by clicking on the "Virtual Machine > Redirect USB Device" menu entry. However, if I launch virt-manager normally (as the unprivileged user "marusich") and try this, it fails due to insufficient permissions:

  spice-client-error-quark: Could not redirect [the device] at [the device's address]: Could not open usb device: Access denied (insufficient permissions) [-3] (0)

I can work around the issue without root privileges by giving myself write permission on the device in question. For example:

  sudo setfacl -m u:marusich:rw /dev/bus/usb/001/007

Alternatively, I could have just changed the file mode or ownership. Here are the file mode, ownership, and ACLs after I did this:

  [0] marusich@garuda.local:~ $ ls -l /dev/bus/usb/001/007
  crw-rw-r--+ 1 root root 189, 6 Oct 19 13:31 /dev/bus/usb/001/007
  [0] marusich@garuda.local:~ $ getfacl /dev/bus/usb/001/007
  getfacl: Removing leading '/' from absolute path names
  # file: dev/bus/usb/001/007
  # owner: root
  # group: root
  user::rw-
  user:marusich:rw-
  group::rw-
  mask::rw-
  other::r--

My user is in these groups:

  $ id
  uid=1000(marusich) gid=998(users) groups=998(users),976(libvirt),977(tor),984(kvm),990(netdev),992(video),999(wheel),30001(plugdev)

I would like to be able to attach USB devices to VMs without running virt-manager as root, and without manually granting access to device files. How can we achieve that in Guix?

Well, to do that we would need an automatic mechanism which grants appropriate permissions on the relevant device nodes. There are many ways to accomplish that. For example, Fedora automatically detects when a device is connected to a user's seat (I'm not sure if that's the right terminology) and grants them access (via ACLs, I believe).
Concretely, Fedora accomplishes this by configuring systemd, udev rules, and perhaps other parts of the system in specific ways. This allows two different users Alice and Bob to have access to their own hardware on their own seats (e.g., in a shared computer lab situation), without allowing Alice to access Bob's hardware on Bob's seat, or vice versa. That's really nice. I'm not very familiar with all the mechanisms, but I think anyone would want the result, which is called "multiseat":

https://www.freedesktop.org/wiki/Software/systemd/multiseat/

For now, the immediate, coarse-grained, automatic solution for my virt-manager problem is: I can add udev rules that will unconditionally set the group of USB device nodes to a special group, maybe named "usb". If I then add my user to the "usb" group, I will have access to all USB devices without any extra effort.

However, this solution is too coarse-grained. Alice and Bob would both need to be in the "usb" group to access their own seat's devices, but Alice will be able to access Bob's devices, and vice versa, which is not good.

The multiseat solution seems nicer, but it seems complicated to implement. Since it seems to rely on systemd in some fashion, it may be even more difficult to implement in Guix, as we only use extracted parts of systemd (e.g., elogind).

What would it take to add multiseat support in Guix?
-- 
Chris
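The two udev policies contrasted in the message above, written out as a Guix system configuration. This is an added example, not code from the original message or from the Guix project; it assumes a Guix whose (gnu services base) provides udev-rule and udev-rules-service, and that the elogind shipped by Guix is built with ACL support and honours the "uaccess" tag the way systemd-logind does (adding an ACL for the user whose session is active on the seat the device is attached to, and removing it when that session ends). The rule file names and the "usb" group name are illustrative choices.

```scheme
;; Added example (not from the original message or the Guix project).
;; Assumptions: (gnu services base) exports udev-rule and udev-rules-service,
;; and the elogind in %desktop-services applies per-seat ACLs to device
;; nodes tagged "uaccess". Bootloader target, file systems and user account
;; are placeholders for a real machine.
(use-modules (gnu)
             (gnu services base)
             (gnu services desktop))

;; 1. Coarse-grained policy: every USB device node (the /dev/bus/usb/BBB/DDD
;;    nodes, DEVTYPE "usb_device") becomes group "usb" with mode 0660.
;;    Any member of "usb" can open every device on every seat, which is the
;;    weakness noted in the message.
(define coarse-usb-rule
  (udev-rule
   "90-usb-group.rules"
   (string-append "SUBSYSTEM==\"usb\", ENV{DEVTYPE}==\"usb_device\", "
                  "GROUP=\"usb\", MODE=\"0660\"\n")))

;; 2. Seat-aware policy: leave owner, group and mode alone and only tag the
;;    node "uaccess". The seat manager then grants an ACL (the same kind the
;;    manual "setfacl -m u:marusich:rw" in the message created) to the user
;;    with the active session on that device's seat, and revokes it on
;;    logout or seat switch. Users on other seats get nothing.
(define usb-uaccess-rule
  (udev-rule
   "70-usb-uaccess.rules"
   (string-append "SUBSYSTEM==\"usb\", ENV{DEVTYPE}==\"usb_device\", "
                  "TAG+=\"uaccess\"\n")))

(operating-system
  (host-name "garuda")
  (timezone "America/Los_Angeles")
  (locale "en_US.utf8")
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))          ; placeholder target
  (file-systems (cons (file-system
                        (device (file-system-label "root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  (users (cons (user-account
                (name "marusich")
                (group "users")
                ;; No "usb" group needed with the uaccess rule; libvirt/kvm
                ;; are still required for virt-manager itself.
                (supplementary-groups '("wheel" "libvirt" "kvm")))
               %base-user-accounts))
  (services
   (append
    (list
     ;; Preferred: seat-scoped ACLs via the uaccess tag.
     (udev-rules-service 'usb-uaccess usb-uaccess-rule)
     ;; Fallback shown for comparison only; #:groups creates the "usb"
     ;; group. Enabling both makes the coarse rule override the ACL
     ;; granularity, so pick one.
     ;; (udev-rules-service 'usb-group coarse-usb-rule #:groups '("usb"))
     )
    %desktop-services)))
```

With the uaccess rule in place, the check is the same one the message already used: after plugging a device in while logged in on the seat it is attached to, "getfacl /dev/bus/usb/001/007" should show a "user:marusich:rw-" entry that was not set by hand, and it should disappear after logging out. If the ACL never appears, the likely cause is that the elogind build in use does not apply device ACLs, which is the part of the systemd machinery the message is asking about.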