From: Mario Marietto
Date: Mon, 17 Jun 2024 13:18:26 +0200
Subject: How to launch a bhyve vm as normal user,without being root
To: FreeBSD virtualization

Hello.

Has anyone been able to launch a bhyve vm as a user using doas?

I'm trying, but without success. First of all I created my doas.conf:


nano /usr/local/etc/doas.conf

permit nopass :marietto cmd bhyve
permit nopass :marietto cmd vm-create

and then I tried to launch the vm below:


doas bhyve -S -c sockets=2,cores=2,threads=2 -m 8G -w -H -A \
-s 0,hostbridge \
-s 1,ahci-hd,/mnt/zroot-133/bhyve/img/Linux/Debian-now.img,bootindex=1 \
-s 11,hda,play=/dev/dsp,rec=/dev/dsp \
-s 13,virtio-net,tap16 \
-s 14,virtio-9p,sharename=/ \
-s 29,fbuf,tcp=0.0.0.0:5916,w=1600,h=950,wait \
-s 30,xhci,tablet \
-s 31,lpc \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
vm0:16 < /dev/null & sleep 2 && vncviewer 0:16


The error is: vm_create: Operation not permitted


These variations don't work:


permit nopass :wheel cmd bhyve

permit nopass :wheel cmd vm_create

permit nopass marietto cmd bhyve

permit nopass marietto cmd vm_create


Doas/Sudo is being root, but it does not work. But if I become root, I can launch a bhyve vm.

--
Mario.