From mboxrd@z Thu Jan 1 00:00:00 1970 From: Giovanni Biscuolo Subject: Re: KVM kernel module permission denied on foreign distro Date: Sun, 20 Jan 2019 12:32:53 +0100 Message-ID: <87tvi3tvh6.fsf@roquette.mug.biscuolo.net> References: <8736ppugm5.fsf@roquette.mug.biscuolo.net> <87zhrwty6j.fsf@roquette.mug.biscuolo.net> <874la4a7k5.fsf@ambrevar.xyz> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:52379) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1glBLq-0008TL-4I for guix-devel@gnu.org; Sun, 20 Jan 2019 06:33:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1glBLo-00007O-IO for guix-devel@gnu.org; Sun, 20 Jan 2019 06:33:17 -0500 In-Reply-To: <874la4a7k5.fsf@ambrevar.xyz> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Pierre Neidhardt Cc: guix-devel@gnu.org, help-guix@gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Pierre, Pierre Neidhardt writes: > If I'm not mistaken, this is because you need to add the builders to the = 'kvm' > group. yes! this solved the "Could not access KVM kernel module: Permission denied" I had with "guix system vm" (both as user and root): $ for i in `seq -w 1 10`; do sudo usermod -G guixbuild,kvm guixbuilder$i;= done $ sudo systemctl restart guix-daemon.service # since my init system is sy= stemd the fact that builds are made by a dedicated daemon using dedicated unprivileged users (guixbuilder${i}) in an isolated environment is pretty new to me and sometimes I forget it :-S > From the manual ((guix) 2.4.1 Build Environment Setup): > > --8<---------------cut here---------------start------------->8--- > To use =E2=80=98guix system vm=E2=80=99 and related commands, > you may need to add the build users to the =E2=80=98kvm=E2=80=99 group so= they can > access =E2=80=98/dev/kvm=E2=80=99, using =E2=80=98-G guixbuild,kvm=E2=80= =99 instead of =E2=80=98-G guixbuild=E2=80=99 > (*note Invoking guix system::). > --8<---------------cut here---------------end--------------->8--- I read that but skipped that because lazy people like me use installers :-), so I used the shell installer script mentioned in "(guix)Binary Installation" and that does not add guixbuilder${i} users to the kvm group in "sys_create_build_user()" shell function moreover, "(guix)Invoking guix system" should mention this in the "`vm`" section, in case users (like me) skipped or misunderstood that part of "(guix)Build Environment Setup" for any reason tomorrow I'm going to propose a couple of patches to address both of the above mentioned issues Thanks! Giovanni =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAlxEXGUACgkQ030Op87M ORLvrg//WKsjB0w8L6AvZb61ZbYwpoGODz3Dn+hEZA4v3dYkCDx+oU/XwN3+h73H dTH0mbTXTcC5dvbC8oGAXom5+lTuGe5YkwoFZg6G4aflunROv2COtAIvx9XUwJH3 G4C2vbhvIezlS+pkqsVbA4kQmLNnwVPMKprdcDTlF/CSxzLdUlesLZ6Y1OivxHru /Pn5czJBG0WaqCJhP2i8CxW4QuG4qMxL1aHkQpEkRPbwX2gSx2iM9yjVuq4jd4L8 Ml5enCYGyeAI6yv2EOw6ArhPLccQE6P//j0lnAT44btZqiIc3GbT1pcA0gIli8ot Di80sq0QMucLfA5t8NEINi9O5b4gTIW48UEdxVlcY+xl6ilDxsTOn2oVBP43Qn0I /mUgJAUl70pkzsi8915qbkqHapWwSBp6vMUSt7//7QIiIDsAw9eykU16EIgxOfRY W6429jNPWFwjyYtz9u8dB91Qv7J4lzP8P2qiZHuRvuNJcx7EhRLA2d63lYNh2sCR 9IhODK+2WbcuYcN6ANLLFVjOg2kQS2ltf3cN760kcyZtPaAxK9Ne6UNFiQsH50ky Mx4JTqAJwdz0O/Xoi4pZ5x1VBHZVLVecZyW9ZOI4aDrei/pRQqU7Oildtl3AwiqM 8BDM/NkTY+ksM01kJjfMqyIMDJjk4TDyGpIrICJYguWVdSXiGKk= =UX0l -----END PGP SIGNATURE----- --=-=-=--