cvd checks user is in cvdnetwork and kvm groups

jemoreira · jemoreira · commit 2a786b0a3709 · 2025-11-26T01:17:52.000Z
cvd can't access/setup the cvd directory (/var/tmp/cvd) if the user is
not a meber of the cvdnetwork group. If the user is not a member of kvm
it won't be able to launch devices.

Bug: b/444230097
diff --git a/base/cvd/cuttlefish/host/commands/cvd/BUILD.bazel b/base/cvd/cuttlefish/host/commands/cvd/BUILD.bazel
@@ -36,6 +36,7 @@ cf_cc_binary(
         "//cuttlefish/common/libs/utils:subprocess",
         "//cuttlefish/host/commands/cvd/utils",
         "//cuttlefish/host/commands/cvd/version",
+        "//cuttlefish/host/libs/vm_manager",
         "//libbase",
         "//libsparse",
         "@fmt",
diff --git a/base/cvd/cuttlefish/host/commands/cvd/main.cc b/base/cvd/cuttlefish/host/commands/cvd/main.cc
@@ -23,9 +23,9 @@
 #include <iostream>
 #include <string>
 #include <unordered_map>
-#include <utility>
 #include <vector>
 
+#include <fmt/format.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/scopeguard.h>
@@ -39,6 +39,7 @@
 #include "cuttlefish/host/commands/cvd/cvd.h"
 #include "cuttlefish/host/commands/cvd/utils/common.h"
 #include "cuttlefish/host/commands/cvd/version/version.h"
+#include "cuttlefish/host/libs/vm_manager/host_configuration.h"
 // TODO(315772518) Re-enable once metrics send is reenabled
 // #include "cuttlefish/host/commands/cvd/metrics/cvd_metrics_api.h"
 
@@ -190,6 +191,22 @@ std::string ColoredUrl(const std::string& url) {
   return output;
 }
 
+bool ValidateHostConfiguration() {
+  // Validate the host before attempting to access directories.
+  std::vector<std::string> config_commands;
+  bool valid = vm_manager::ValidateHostConfiguration(&config_commands);
+  if (!valid) {
+    std::cerr << "Validation of host configuration failed." << std::endl;
+    std::cerr << "Execute the following commands:" << std::endl;
+    for (const auto& cmd : config_commands) {
+      std::cerr << "    " << cmd << std::endl;
+    }
+    std::cerr << "You may need to logout for the changes to take effect"
+              << std::endl;
+  }
+  return valid;
+}
+
 }  // namespace
 }  // namespace cuttlefish
 
@@ -202,6 +219,9 @@ int main(int argc, char** argv, char** envp) {
   // set verbosity for this process
   cuttlefish::SetMinimumVerbosity(verbosity);
 
+  if (!cuttlefish::ValidateHostConfiguration()) {
+    return -1;
+  }
   auto result = cuttlefish::CvdMain(argc, argv, envp);
   if (result.ok()) {
     return 0;
