[libvirt] Add system group for passthrough devices that a user can access

3 files changed, 8 insertions, 1 deletions

diff --git a/core/modules/libvirt/data/etc/udev/rules.d/50-libvirt-passthrough.rules b/core/modules/libvirt/data/etc/udev/rules.d/50-libvirt-passthrough.rules
new file mode 100644
index 00000000..154b5f38
--- /dev/null
+++ b/core/modules/libvirt/data/etc/udev/rules.d/50-libvirt-passthrough.rules
@@ -0,0 +1 @@
+SUBSYSTEM=="vfio", OWNER="root", GROUP="libvirt-passthrough", MODE="0660"
diff --git a/core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/45-add-to-libvirt-passthrough.sh b/core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/45-add-to-libvirt-passthrough.sh
new file mode 100755
index 00000000..3dedb96a
--- /dev/null
+++ b/core/modules/libvirt/data/opt/openslx/pam/hooks/auth-final-exec.d/45-add-to-libvirt-passthrough.sh
@@ -0,0 +1,5 @@
+#!/bin/ash
+
+adduser "${PAM_USER}" "libvirt-passthrough"
+
+exit 0
diff --git a/core/modules/libvirt/module.build b/core/modules/libvirt/module.build
index cae4a692..2b661f30 100644
--- a/core/modules/libvirt/module.build
+++ b/core/modules/libvirt/module.build
@@ -3,7 +3,8 @@
 module_init() {
 	groupadd --system "kvm"
 	groupadd --system "libvirt-qemu"
-	useradd --gid "kvm" --groups "libvirt-qemu" --system \
+	groupadd --system "libvirt-passthrough"
+	useradd --gid "kvm" --groups "libvirt-qemu,libvirt-passthrough" --system \
 		--no-create-home --home-dir "/var/lib/libvirt" "libvirt-qemu"
 }