I wonder if it really belongs to kvm group, -- maybe a separate "vhost_net" group should be used instead. Yes it can only be used with qemu/kvm currently, but maybe some other tool will use it in the future, and looking at how many security issues /dev/kvm access had, maybe vhost_net shold be restricted more...
How other distributions are doing this? I'm not sure we want to introduce our own naming here...
I wonder if it really belongs to kvm group, -- maybe a separate "vhost_net" group should be used instead. Yes it can only be used with qemu/kvm currently, but maybe some other tool will use it in the future, and looking at how many security issues /dev/kvm access had, maybe vhost_net shold be restricted more...
How other distributions are doing this? I'm not sure we want to introduce our own naming here...