KVM permission

[rmlira]

Hi, I'm trying to perform the following command:

xhost local:$USER && docker run --rm -ti -e UID=$(id -u) -e GID=$(id -g) -p 42000:42000 --workdir /project --device /dev/kvm --device /dev/dri:/dev/dri -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY -v "$PWD":/project --privileged --entrypoint flutter-android-emulator  matspfeiffer/flutter

The actual output is:

non-network local connections being added to access control list
  ╔════════════════════════════════════════════════════════════════════════════╗
  ║ A new version of Flutter is available!                                     ║
  ║                                                                            ║
  ║ To update to the latest version, run "flutter upgrade".                    ║
  ╚════════════════════════════════════════════════════════════════════════════╝


The Android emulator exited with code 1 during startup
Android emulator stderr:
ProbeKVM: This user doesn't have permissions to use KVM (/dev/kvm).
The KVM line in /etc/group is: [LINE_NOT_FOUND]

If the current user has KVM permissions,
the KVM line in /etc/group should end with ":" followed by your username.

If we see LINE_NOT_FOUND, the kvm group may need to be created along with permissions:
    sudo groupadd -r kvm
    # Then ensure /lib/udev/rules.d/50-udev-default.rules contains something like:
    # KERNEL=="kvm", GROUP="kvm", MODE="0660"
    # and then run:
    sudo gpasswd -a $USER kvm

If we see kvm:... but no username at the end, running the following command may allow KVM access:
    sudo gpasswd -a $USER kvm

You may need to log out and back in for changes to take effect.

Address these issues and try again.
Error: No pubspec.yaml file found.
This command should be run from the root of your Flutter project.
Do not run this command from the root of your git clone of Flutter.

I'm using a Linux machine, kvm and xhost are installed. Already included my host user in kvm group, but it seems this needed to be done inside the container... What I'm missing?

[matsp]

Have you execute it in an existing flutter project directory?

[rmlira]

No, it's the first time I'm trying remote-containers for flutter in a new project. I executed the command in an empty directory.

[matsp]

Have you executed the tip that was logged out by kvm?

[rmlira]

In the host yes... the container doesn't has sudo installed to run these commands. It needs to be done inside the container?

[tianhaoz95]

I am having the same issue... It looks like the default user developer doesn't have access to kvm group?

[matsp]

Can you give some more details? developer is just the user inside the image. A list of steps would be useful to debug this issue :)

[tianhaoz95]

Sure. The repository I used for doing this is https://github.com/vsc-templates/flutter-template. I cloned this repository in vs code and then opened in dev container. After it opens in the container, I ran flutter emulators --launch flutter_emulator which failed due to "no permission to use kvm". When I check what is actually in /etc/groups inside the dev container, it doesn't have kvm which make sense since the host has kvm, and it wasn't specifically added in the container. However, I can't add it in container because the container doesn't have sudo which is a bit confusing what would be a work around.

[matsp]

Thanks. I will try to reproduce it.

What's your host Linux distro? What packages do you have installed to get this working? Is your host user in the KVM group?

My first guess is that the container process is not allowed to access KVM on the host. It's also possible that something changed on flutter tooling side.

[matsp]

@tianhaoz95 Does this work without VSC?

xhost local:$USER && docker run --rm -ti -e UID=$(id -u) -e GID=$(id -g) -p 42000:42000 --workdir /project --device /dev/kvm --device /dev/dri:/dev/dri -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY -v "$PWD":/project --entrypoint flutter-android-emulator matspfeiffer/flutter

[tianhaoz95]

Thanks. I will try to reproduce it.

What's your host Linux distro? What packages do you have installed to get this working? Is your host user in the KVM group?

My first guess is that the container process is not allowed to access KVM on the host. It's also possible that something changed on flutter tooling side.

Linux Distro: Linux Mint 20.1
Package installed: docker, qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils (not sure all of them played a role)
Yes, the host user is added to kvm and libvirtd.

[tianhaoz95]

@tianhaoz95 Does this work without VSC?

xhost local:$USER && docker run --rm -ti -e UID=$(id -u) -e GID=$(id -g) -p 42000:42000 --workdir /project --device /dev/kvm --device /dev/dri:/dev/dri -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY -v "$PWD":/project --entrypoint flutter-android-emulator matspfeiffer/flutter

It seems that the port was taken on the host:

tianhaoz@mint-laptop:~/Experimental$ xhost local:$USER && docker run --rm -ti -e UID=$(id -u) -e GID=$(id -g) -p 42000:42000 --workdir /project --device /dev/kvm --device /dev/dri:/dev/dri -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY -v "$PWD":/project --entrypoint flutter-android-emulator matspfeiffer/flutter
non-network local connections being added to access control list
docker: Error response from daemon: driver failed programming external connectivity on endpoint affectionate_liskov (8dc64d98a04b250c727405739021ebc7b064a27e551d9dfb1a28c7a0914632f5): Error starting userland proxy: listen tcp4 0.0.0.0:42000: bind: address already in use.

Does the port have to be 42000? What is this port used for?

[matsp]

ENV FLUTTER_DEBUG_PORT="42000"

I forward it so you can use the debug tools of the flutter VSC plugin.

Maybe you already had an active session when testing the command?

[tianhaoz95]

Oh it turns out that the Linux Mint Warpinator is taking that port:

netstat -ltnp | grep -w ':42000'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::42000                :::*                    LISTEN      2241/warpinator 

However, stopping that didn't work. It was the same error as running in devcontainer:

xhost local:$USER && docker run --rm -ti -e UID=$(id -u) -e GID=$(id -g) -p 42000:42000 --workdir /project --device /dev/kvm --device /dev/dri:/dev/dri -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY -v "$PWD":/project --entrypoint flutter-android-emulator matspfeiffer/flutter
non-network local connections being added to access control list
  ╔════════════════════════════════════════════════════════════════════════════╗
  ║ A new version of Flutter is available!                                     ║
  ║                                                                            ║
  ║ To update to the latest version, run "flutter upgrade".                    ║
  ╚════════════════════════════════════════════════════════════════════════════╝


The Android emulator exited with code 1 during startup
Android emulator stderr:
ProbeKVM: This user doesn't have permissions to use KVM (/dev/kvm).
The KVM line in /etc/group is: [LINE_NOT_FOUND]

If the current user has KVM permissions,
the KVM line in /etc/group should end with ":" followed by your username.

If we see LINE_NOT_FOUND, the kvm group may need to be created along with permissions:
    sudo groupadd -r kvm
    # Then ensure /lib/udev/rules.d/50-udev-default.rules contains something like:
    # KERNEL=="kvm", GROUP="kvm", MODE="0660"
    # and then run:
    sudo gpasswd -a $USER kvm

If we see kvm:... but no username at the end, running the following command may allow KVM access:
    sudo gpasswd -a $USER kvm

You may need to log out and back in for changes to take effect.

handleCpuAcceleration: feature check for hvf
Address these issues and try again.

[matsp]

Okay. It's now easier to debug for me because I am not using VSC for dart/flutter development. Will test later.

[nmacosta]

I am having the same issue... It looks like the default user developer doesn't have access to kvm group?

I was getting the same error. The host belongs to the kvm group.
But searching What I found is giving full access to /dev/kvm folder. chmod -R 777 /dev/kvm

Now, I have another. The emulator opens but doesnt show the app. It exited unexpectedly .

In the terminal appears the following error:

No devices found with name or id matching 'flutter_emulator'
Any Clues?

[tianhaoz95]

Hmmm... if possible, I would prefer to add the correct users to kvm access since letting everyone one the server have access to kvm doesn't seem ideal.

What does flutter devices or adb devices show for you after the device boots up?

[pantoninho]

I'm having the same issue in PopOS 21.04.
My host user has been added to kvm group as stated by the instructions, but the error message still shows.
Where should we add the group kvm? In the host machine or the container? And which user? the host or the container user?

The Android emulator exited with code 1 during startup
Android emulator stderr:
ProbeKVM: This user doesn't have permissions to use KVM (/dev/kvm).
The KVM line in /etc/group is: [LINE_NOT_FOUND]

If the current user has KVM permissions,
the KVM line in /etc/group should end with ":" followed by your username.

If we see LINE_NOT_FOUND, the kvm group may need to be created along with
permissions:
    sudo groupadd -r kvm
    # Then ensure /lib/udev/rules.d/50-udev-default.rules contains
    something like:
    # KERNEL=="kvm", GROUP="kvm", MODE="0660"
    # and then run:
    sudo gpasswd -a $USER kvm

If we see kvm:... but no username at the end, running the following
command may allow KVM access:
    sudo gpasswd -a $USER kvm

You may need to log out and back in for changes to take effect.

handleCpuAcceleration: feature check for hvf
Address these issues and try again.

Thank you!

[pedritos1989]

I'm having the same issue in PopOS 21.04. My host user has been added to kvm group as stated by the instructions, but the error message still shows. Where should we add the group kvm? In the host machine or the container? And which user? the host or the container user?

The Android emulator exited with code 1 during startup
Android emulator stderr:
ProbeKVM: This user doesn't have permissions to use KVM (/dev/kvm).
The KVM line in /etc/group is: [LINE_NOT_FOUND]

If the current user has KVM permissions,
the KVM line in /etc/group should end with ":" followed by your username.

If we see LINE_NOT_FOUND, the kvm group may need to be created along with
permissions:
    sudo groupadd -r kvm
    # Then ensure /lib/udev/rules.d/50-udev-default.rules contains
    something like:
    # KERNEL=="kvm", GROUP="kvm", MODE="0660"
    # and then run:
    sudo gpasswd -a $USER kvm

If we see kvm:... but no username at the end, running the following
command may allow KVM access:
    sudo gpasswd -a $USER kvm

You may need to log out and back in for changes to take effect.

handleCpuAcceleration: feature check for hvf
Address these issues and try again.

Thank you!

Try: sudo chown $USER /dev/kvm

[dhbrojas]

Running into the same permissions issue where the container does not have permissions to interact with the /dev/kvm device. My current workaround is quite ugly: I ran sudo chmod 667 /dev/klm from the host. This solves the issue (As in I'm able to start the flutter emulator from within the container) but it's not a viable solution.
I posted a StackOverflow question explaining the issue here.