From d9b34fadd2d6d1f1490197173ef0d023bbab3250 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?=
 <hector@molinero.dev>
Date: Mon, 2 Aug 2021 21:23:21 +0200
Subject: [PATCH] Check if /dev/kvm exists and prefer to mount that device
 rather than start a privileged container

---
 README.md                | 4 ++--
 run.sh                   | 2 +-
 scripts/service/qemu/run | 5 ++++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index aab1016..e25ae59 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ docker run --detach \
   --name qemu-reactos \
   --restart on-failure:3 \
   --publish 127.0.0.1:6080:6080/tcp \
-  --privileged --env QEMU_VM_KVM=true \
+  --env QEMU_VM_KVM=true --device /dev/kvm \
   docker.io/hectormolinero/qemu-reactos:latest
 ```
 > The instance will be available through a web browser from: http://localhost:6080/vnc.html
@@ -40,7 +40,7 @@ VM boot menu (`off` by default).
 
 #### `QEMU_VM_KVM`
 Start QEMU in KVM mode (`false` by default).
-> The `--privileged` option is required to use KVM in the container.
+> The `--device /dev/kvm` option is required to use KVM in the container.
 
 ## License
 See the [license](LICENSE.md) file.
diff --git a/run.sh b/run.sh
index c164d4e..a521757 100755
--- a/run.sh
+++ b/run.sh
@@ -40,7 +40,7 @@ printf -- '%s\n' "Creating \"${CONTAINER_NAME:?}\" container..."
 	--publish '127.0.0.1:5900:5900/tcp' \
 	--publish '127.0.0.1:6080:6080/tcp' \
 	--publish '127.0.0.1:15900:15900/tcp' \
-	--privileged --env QEMU_VM_KVM=true \
+	--env QEMU_VM_KVM=true --device /dev/kvm \
 	"${IMAGE_NAME:?}" "$@" >/dev/null
 
 printf -- '%s\n\n' 'Done!'
diff --git a/scripts/service/qemu/run b/scripts/service/qemu/run
index ed460d8..e39d019 100755
--- a/scripts/service/qemu/run
+++ b/scripts/service/qemu/run
@@ -11,7 +11,10 @@ QEMU_ARGS="${QEMU_ARGS-} -boot order=${QEMU_VM_BOOT_ORDER:?},menu=${QEMU_VM_BOOT
 QEMU_ARGS="${QEMU_ARGS-} -netdev user,id=n0,${QEMU_VM_NET_OPTIONS:?} -device ${QEMU_VM_NET_DEVICE:?},netdev=n0"
 QEMU_ARGS="${QEMU_ARGS-} -usb -device usb-tablet"
 QEMU_ARGS="${QEMU_ARGS-} -k ${QEMU_VM_KEYBOARD:?}"
-if [ "${QEMU_VM_KVM:?}" = true ]; then QEMU_ARGS="${QEMU_ARGS-} -enable-kvm"; fi
+
+if [ "${QEMU_VM_KVM:?}" = true ] && [ -c /dev/kvm ]; then
+	QEMU_ARGS="${QEMU_ARGS-} -enable-kvm"
+fi
 
 cd /var/lib/qemu/
 exec 2>&1