by aliguori 2764 days ago
Hi, I work at AWS and before that on KVM since it was a thing.

Restricting /dev/kvm these days doesn't make much sense. The interface is designed to be safe for any user. The fact that we started as a character device and not syscalls is just a historical decision.

1 comments

Thank you, I have learned something new! I believed it was somewhat similar to having access to the Docker socket and I was always sure to restrict it. Everyone please ignore me.