Ubuntu
qemu package

Bug #156085
Comment #58

Comment 58 for bug 156085

Revision history for this message

Matt Zimmerman (mdz) wrote on 2008-09-05: Re: [Bug 156085] Could not open /proc/bus/usb/devices

#58

On Fri, Sep 05, 2008 at 03:59:06PM -0000, TJ wrote:
> On Fri, 2008-09-05 at 07:41 +0000, Martin Pitt wrote:
> > Perhaps the raw device node permissions should be set to be the same as the
> > cooked ones? This would at least avoid tweaking for devices recognized by
> > the kernel.
>
> Which cooked ones are you thinking about, Matt? From what I can see the
> cooked group/permissions are mostly target-specific (e.g. block, video,
> serial) whereas what the hypervisor needs is one group to cover all
> device classes.

I was thinking of, for example, USB serial devices (which end up with
'dialout' I believe) and USB storage devices (disk). Then the existing
groups could be used, and would correspond to roughly the same privileges.

> > Alternatively, we could punt and say that USB pass-through requires root
> > privileges or manual tweaking of the device node permissions. I'm not sure
> > to what extent this feature is used in typical KVM usage; I would think it's
> > mostly useful for reverse engineering and such.
>
> My experience, from watching the number of frustrated users posting in
> forums on and off Ubuntu, is that there is a growing number of
> non-technical users expecting that a VM guest 'will just work' with
> their devices (mice, cameras, tablets, scanners (especially), printers,
> etc.), and using the deprecated work-around
> in /etc/init.d/mountdevsubfs.sh and commenting out the 'magic' around
> line 40.
>
> This is true particularly when the guest is a Windows variant and their
> purpose in using the Windows guest is to use the drivers to access a
> device (esp. cameras, scanners and printers) that they find problematic
> or unsupported in Linux.
>
> This class of non-technical user:
>
> * expect access to their USB devices in the VM guest the same as if it
> were running on the the physical machine
> * should not be using root access

I understand, but I'm struggling with how we can grant raw hardware-level
access to these devices (as needed by VMs) without compromising security on
the host. USB is used for a wide range of peripherals, some of which should
not be entrusted to unprivileged users.

> If the raw device nodes in /dev/bus/usb/*/* are so unique in terms of
> permissions then maybe this special-case is justifiable as a user-chosen
> option (recommended but not a default package install) since it is
> addressing a different scenario than the deprecated "plugdev" group?

I'd like to find a way to make this work in the "new world order" first, if
possible. I expect now that we've given him plenty of detail on the use
cases, Martin will have a good suggestion.

--
- mdz

On Fri, Sep 05, 2008 at 03:59:06PM -0000, TJ wrote:
> On Fri, 2008-09-05 at 07:41 +0000, Martin Pitt wrote:
> > Perhaps the raw device node permissions should be set to be the same as the
> > cooked ones?  This would at least avoid tweaking for devices recognized by
> > the kernel.
> 
> Which cooked ones are you thinking about, Matt? From what I can see the
> cooked group/permissions are mostly target-specific (e.g. block, video,
> serial) whereas what the hypervisor needs is one group to cover all
> device classes.

I was thinking of, for example, USB serial devices (which end up with
'dialout' I believe) and USB storage devices (disk).  Then the existing
groups could be used, and would correspond to roughly the same privileges.

> > Alternatively, we could punt and say that USB pass-through requires root
> > privileges or manual tweaking of the device node permissions.  I'm not sure
> > to what extent this feature is used in typical KVM usage; I would think it's
> > mostly useful for reverse engineering and such.
> 
> My experience, from watching the number of frustrated users posting in
> forums on and off Ubuntu, is that there is a growing number of
> non-technical users expecting that a VM guest 'will just work' with
> their devices (mice, cameras, tablets, scanners (especially), printers,
> etc.), and using the deprecated work-around
> in /etc/init.d/mountdevsubfs.sh and commenting out the 'magic' around
> line 40.
> 
> This is true particularly when the guest is a Windows variant and their
> purpose in using the Windows guest is to use the drivers to access a
> device (esp. cameras, scanners and printers) that they find problematic
> or unsupported in Linux.
> 
> This class of non-technical user:
> 
> * expect access to their USB devices in the VM guest the same as if it
> were running on the the physical machine
> * should not be using root access

I understand, but I'm struggling with how we can grant raw hardware-level
access to these devices (as needed by VMs) without compromising security on
the host.  USB is used for a wide range of peripherals, some of which should
not be entrusted to unprivileged users.

I'd like to find a way to make this work in the "new world order" first, if
possible.  I expect now that we've given him plenty of detail on the use
cases, Martin will have a good suggestion.

-- 
 - mdz

Ubuntuqemu package

Comment 58 for bug 156085

Ubuntu
qemu package