sean-jc
commented
5 years ago Yep. Creating /dev/sgx_virt with root permissions is intentional. You can do e.g. chmod 0666 /dev/sgx_virt to expose EPC to all users.
Closed jmechalas closed 5 years ago
sean-jc
commented
5 years ago Yep. Creating /dev/sgx_virt with root permissions is intentional. You can do e.g. chmod 0666 /dev/sgx_virt to expose EPC to all users.
jmechalas
commented
5 years ago Or 660 to a group allowed to use VMs. Or maybe there's a way to get this to work as-is using polkit. I'll think this over. I want the smoothest way to integrate this with libvirt without making everything wide open permissions-wise.
jmechalas
commented
5 years ago Adjusting permissions on the device didn't help with libvirt. Oddly enough I can't launch that way as root, either, so I suspect polkit is the culprit. ANyway, this works if you run it from the command line directly so closing this out.
I was unable to get qemu 3.1.0 to start a VM with
-object memory-backend-epc,...unless I ran qemu directly as root. Running virsh as a regular user to try and start the vm produced the error:Does this sound right?