I found the actual issue, thanks for all your feedback.

I was mistaking KVM membership for libvirtd membership.

So what happens is the following:
1. gnome-boxes depends on libvirt-daemon, but not libvirt-daemon-system.
   The latter would contain the system integration with services and users for libvirt.
   That would make the users in 'sudo' be a member of group 'libvirtd', and that would let you
   control libvirt, which would then 'for you' drive KVM (the user libvirt-qemu which it uses
   is a member of the kvm group).
   The dependency on libvirt-daemon only brings the binaries, but not this integration.
2. Now gnome-boxes seems to try driving some things on its own. It uses libvirt bindings, but seems
   not to want the service.
   But it does not set

   qemu(-system-common) that adds the KVM group never added users to the group (not back to
   Xenial at least, I didn't check further)
3. gnome-boxes does not use the libvirt-qemu user that libvirt system integration would use.
   That is why you cannot access /dev/kvm

The same is true for any user on the system, which is meant to be an
administrator's decision - matching your manual addition of the user to
the group.


I'm not sure yet what to do about it, but at least we found and can think about it now.

Two solutions come to mind:
1. qemu-system-common could add users in sudo to group kvm (as we do with group libvirtd).
   That comes at the drawback of handing out that permission by default to more users
   than before.
2. gnome-boxes is not driving it the way it is intended through libvirt. It should either use it
   the same way (isolated to user libvirt-qemu which is allowed to reach KVM).
   Or it can use its own user and would then want to make sure it has KVM membership.
#. If gnome-boxes is meant to work with the current desktop's user, then this is the same as #1.
   And if it is ok - security-wise - it should be done in #1. If not acceptable security-wise we
   should not do it in any package.

I'll try to get hold of the security Team this week to get an ack to add
sudo users to group kvm being ok or not.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767302

Title:
  User is not added to kvm group when installing gnome-boxes

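The access paths described in the comment above can be checked mechanically. The following shell functions are an added example, not code from the bug report or from any of the packages involved; they classify whether a user reaches /dev/kvm directly, only through the system libvirt service, or not at all. The function names, the users alice, bob and carol, the GIDs and the 660 device mode are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a user can reach /dev/kvm, given group(5)-format
# data plus the device node's owning group and octal mode.

# in_group FILE GROUP USER: succeed if USER is listed as a member of GROUP.
# Only supplementary membership (field 4) is checked, not primary GIDs.
in_group() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1" | tr ',' '\n' | grep -qxF -- "$3"
}

# kvm_access FILE USER DEV_GROUP DEV_MODE prints one of:
#   direct       USER can open the device node itself
#   via-libvirt  USER cannot, but is in libvirtd and can ask the system
#                libvirt service, whose libvirt-qemu user is in DEV_GROUP
#   none         neither path is available
kvm_access() {
    gfile=$1 user=$2 dev_group=$3 mode=$4
    other_rw=$(( (0$mode & 0006) == 0006 ))
    group_rw=$(( (0$mode & 0060) == 0060 ))
    if [ "$other_rw" -eq 1 ]; then
        echo direct    # world read/write: group membership is moot
    elif [ "$group_rw" -eq 1 ] && in_group "$gfile" "$dev_group" "$user"; then
        echo direct
    elif [ "$group_rw" -eq 1 ] && in_group "$gfile" libvirtd "$user" &&
         in_group "$gfile" "$dev_group" libvirt-qemu; then
        echo via-libvirt
    else
        echo none
    fi
}

# Constructed sample: alice is in libvirtd (as libvirt-daemon-system would
# arrange for sudo users), bob is in sudo only, carol was added to kvm by hand.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
sudo:x:27:alice,bob
kvm:x:130:libvirt-qemu,carol
libvirtd:x:131:alice
EOF
for u in alice bob carol; do
    printf '%s: %s\n' "$u" "$(kvm_access "$sample" "$u" kvm 660)"
done
# Live use (assumes GNU stat and getent on the host):
#   g=$(mktemp); getent group > "$g"
#   kvm_access "$g" "$USER" $(stat -c '%G %a' /dev/kvm)
```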