Remix.run Logo
rwmj 16 hours ago

Because you want users to use virtualization for sandboxing without needing to make system-wide changes. That generally improves security overall. You might as well ask "why allow users to run anything at all?" since they can make system calls into a gigantic C program that is likely full of unknown bugs.

fulafel 13 hours ago | parent [-]

I get where you're coming from but I'd argue the kvm group is still better even when you automatically give all human users membership. You can then have less-privileged accounts for service roles, for example nginx doesn't need kvm acccess.

rwmj 12 hours ago | parent [-]

nginx might not, but some automated tool / cron job using libguestfs might. Kernel KVM has a very good record for security so it's not something to worry about, compared to (for example) lesser used drivers/filesystems or other dusty corners of the kernel.