Qemu: add a group kvm to access /dev/kvm eaiser

As a normal user, it is not possible to use qemu with KVM. This is bad
because it is better when it is possible to start the machine with a
less privileged user. To achieve this a group KVM is created and the
access to /dev/kvm is allowed for this group. So every user in this
group can use qemu with KVM.
This change is also useful for libvirt because the VMs can be started
with user nobody and group kvm.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/qemu/65-kvm.rules

@@ -0,0 +1,2 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", TAG+="uaccess", OPTIONS+="static_node=vhost-net"

config/rootfiles/packages/qemu

@@ -1,3 +1,4 @@
+lib/udev/rules.d/65-kvm.rules
 usr/bin/qemu
 usr/bin/qemu-arm
 usr/bin/qemu-ga

lfs/qemu

@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 SUP_ARCH   = i586 x86_64
 PROG       = qemu
-PAK_VER    = 18
+PAK_VER    = 19
 
 DEPS       = "sdl spice"
 
@@ -95,6 +95,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	paxctl -m -r /usr/bin/qemu-arm
 	paxctl -m -r /usr/bin/qemu-i386
 	paxctl -m -r /usr/bin/qemu-x86_64
+	# install an udev script to set the permissions of /dev/kvm
+	cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
 
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

src/paks/qemu/install.sh

@@ -22,6 +22,8 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+#create the group kvm when they not exist
+getent group kvm >/dev/null || groupadd kvm
 extract_files
 restore_backup ${NAME}
 echo shm	/dev/shm	tmpfs	defaults,size=256M	0	0 >> /etc/fstab