system: Add udev rule for /dev/kvm.

* gnu/services/base.scm (kvm-udev-rule): New procedure.
  (udev-service): Use it, and add it to RULES.
  (guix-build-accounts): Add "kvm" to the 'supplementary-groups' field.
* gnu/system/shadow.scm (%base-groups): Add "kvm".

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b38d3e3..3bb4f97 100644 (file)
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -418,7 +418,7 @@ starting at FIRST-UID, and under GID."
                        ;; guix-daemon expects GROUP to be listed as a
                        ;; supplementary group too:
                        ;; <http://lists.gnu.org/archive/html/bug-guix/2013-01/msg00239.html>.
-                       (supplementary-groups (list group))
+                       (supplementary-groups (list group "kvm"))
 
                        (comment (format #f "Guix Build User ~2d" n))
                        (home-directory "/var/empty")
@@ -526,10 +526,31 @@ item of @var{packages}."
                                 (guix build utils))
                     #:local-build? #t))
 
+(define* (kvm-udev-rule)
+  "Return a directory with a udev rule that changes the group of
+@file{/dev/kvm} to \"kvm\" and makes it #o660."
+  ;; Apparently QEMU-KVM used to ship this rule, but now we have to add it by
+  ;; ourselves.
+  (gexp->derivation "kvm-udev-rules"
+                    #~(begin
+                        (use-modules (guix build utils))
+
+                        (define rules.d
+                          (string-append #$output "/lib/udev/rules.d"))
+
+                        (mkdir-p rules.d)
+                        (call-with-output-file
+                            (string-append rules.d "/90-kvm.rules")
+                          (lambda (port)
+                            (display "\
+KERNEL==\"kvm\", GROUP=\"kvm\", MODE=\"0660\"\n" port))))
+                    #:modules '((guix build utils))))
+
 (define* (udev-service #:key (udev eudev) (rules '()))
   "Run @var{udev}, which populates the @file{/dev} directory dynamically.  Get
 extra rules from the packages listed in @var{rules}."
-  (mlet* %store-monad ((rules     (udev-rules-union (cons udev rules)))
+  (mlet* %store-monad ((kvm       (kvm-udev-rule))
+                       (rules     (udev-rules-union (cons* udev kvm rules)))
                        (udev.conf (text-file* "udev.conf"
                                               "udev_rules=\"" rules
                                               "/lib/udev/rules.d\"\n")))

diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 3549eef..6970021 100644 (file)
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -103,7 +103,8 @@
           (system-group (name "disk"))
           (system-group (name "floppy"))
           (system-group (name "cdrom"))
-          (system-group (name "tape")))))
+          (system-group (name "tape"))
+          (system-group (name "kvm")))))             ; for /dev/kvm
 
 (define (default-skeletons)
   "Return the default skeleton files for /etc/skel.  These files are copied by