libvirt fails when redirecting a usb device to the vm

[symphorien]

Describe the bug when redirecting a usb device to a vm, a permission error is raised when running setfacl

this is due to a missing setcap wrapper for spice-client-glib-usb-acl-helper

To Reproduce Steps to reproduce the behavior:

1. Install libvirt:

   { config, pkgs, lib, ... }: {
   config = {
   virtualisation.libvirtd = {
     enable = true;
     qemuRunAsRoot = false;
     onBoot = "ignore";
   };
   users.users.symphorien.extraGroups = [ "libvirtd" ];
   environment.systemPackages = [ pkgs.virt-manager pkgs.virt-viewer ];
   };
   }

2. create a vm in qemu:///system, start it
3. redirect any usb device to it
4. Error setting facl: operation not permitted

Expected behavior ticking the checkbox works

Screenshots

Additional context I'll open a PR shortly

Notify maintainers cc @fpletz @globin @xeji maintainers of spice and libvirt

Metadata

• system: "x86_64-linux"
• host os: Linux 5.8.18, NixOS, 20.09.git.a9085440e57M (Nightingale)
• multi-user?: yes
• sandbox: yes
• version: nix-env (Nix) 2.3.9
• channels(root): "nixos-20.09.2016.19db3e5ea27, nixos-hardware, nixos-unstable-21.03pre246543.24c9b05ac53"
• channels(symphorien): "home-manager-20.09"
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module: libvirt spice

[symphorien]

A possible solution is implemented in #106595

[stale[bot]]

I marked this as stale due to inactivity. → More info

[wucke13]

FFR: setting virtualisation.spiceUSBRedirection.enable to true should fix this