Why a user could run qemu virtual machine in KVM mode without access to /dev/kvm on Debian 12 (bookworm)?
One user account
A, could run qemu VMs with kvm enabled, with the option
A does not have access to
/dev/kvm. The related user groups and
/dev/kvm permission is as follows.
$ id uid=1004(A) gid=1004(A) groups=1004(A),100(users) $ stat /dev/kvm File: /dev/kvm Size: 0 Blocks: 0 IO Block: 4096 character special file Device: 0,5 Inode: 714 Links: 1 Device type: 10,232 Access: (0660/crw-rw----) Uid: ( 0/ root) Gid: ( 104/ kvm)
According to [SOLVED] Qemu with KVM fails, permission denied and other posts, users need to have access to
/dev/kvm to use kvm-enabled qemu VMs.
This is usually done by putting a user into the group
A is able to use qemu VMs with KVM?
- Debian GNU/Linux 12 (bookworm)
- installed with a live iso
On Debian (and others),
/dev/kvm is managed using
uaccess; essentially, this provides access to certain devices to the user logged in “at the console” (i.e. sitting in front of the computer).
You can see this in action by checking the ACLs:
This should show an ACL granting read/write access to user A.
You’ll find the relevant
udev rule in
/lib/udev/rules.d/70-uaccess.rules. See also What's the purpose of kvm, libvirt and libvirt-qemu groups in Linux?