From: Mario Marietto
Date: Mon, 17 Jun 2024 16:12:51 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Odhiambo Washington
Cc: FreeBSD virtualization
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

Nice idea, but it does not work:

nano /home/marietto/.zshrc

# ~/.zshrc
# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

nano doas.conf

permit nopass marietto as root cmd bhyve-lin
permit nopass marietto as root cmd bhyve-win

nano 10-Debian-Now_wine-tkg-vm10

doas /usr/sbin/./bhyve-lin -S -c sockets=2,cores=2,threads=2 -m 8G -w -H -A \
-s 0,hostbridge \
-s 1,ahci-hd,/mnt/zroot-133/bhyve/img/Linux/Debian-now-wine-tkg.img,bootindex=1 \
-s 11,hda,play=/dev/dsp,rec=/dev/dsp \
-s 13,virtio-net,tap10 \
-s 14,virtio-9p,sharename=/ \
-s 29,fbuf,tcp=0.0.0.0:5910,w=1600,h=950,wait \
-s 30,xhci,tablet \
-s 31,lpc \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
vm0:10 < /dev/null & sleep 2 && vncviewer 0:10

=

doas: Operation not permitted

On Mon, Jun 17, 2024 at 2:24 PM Odhiambo Washington wrote:

> On Mon, Jun 17, 2024 at 2:19 PM Mario Marietto wrote:
>
>> Hello.
>>
>> Has any of you been able to launch a bhyve vm as a user using doas?
>>
>> I'm trying but without success. First of all I created my doas.conf:
>>
>> nano /usr/local/etc/doas.conf
>>
>> permit nopass :marietto cmd bhyve
>> permit nopass :marietto cmd vm-create
>>
>
> permit nopass marietto as root cmd bhyve
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

--
Mario.
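Added example, not part of the original messages and not doas's own code: a simplified Python model of how doas picks a rule, run over the doas.conf lines and the command line quoted in this thread. It assumes doas compares a rule's cmd string with the command exactly as typed and that the last matching rule wins; parse_rules, decide, the sample group list and the "deny" verdict name are illustrative.

```python
import shlex

OPTIONS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rules(conf_text):
    """Parse the doas.conf subset seen in the thread: action, options, identity, 'as', 'cmd'."""
    rules = []
    for line in conf_text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        i = 1
        while tok[i] in OPTIONS:          # skip option keywords before the identity
            i += 1
        rule = {"action": tok[0], "ident": tok[i], "target": None, "cmd": None}
        rest = tok[i + 1:]
        if rest[:1] == ["as"]:
            rule["target"], rest = rest[1], rest[2:]
        if rest[:1] == ["cmd"]:
            rule["cmd"] = rest[1]
        rules.append(rule)
    return rules

def decide(rules, user, groups, typed_cmd, target="root"):
    """Return the action of the last matching rule, or 'deny' when none matches."""
    verdict = "deny"
    for r in rules:
        ident = r["ident"]
        # ':name' is a group identity, a bare name is a user identity
        who_ok = ident[1:] in groups if ident.startswith(":") else ident == user
        # cmd is compared as a plain string with what was typed, not a resolved path
        if who_ok and r["target"] in (None, target) and r["cmd"] in (None, typed_cmd):
            verdict = r["action"]
    return verdict

# Constructed inputs: the rule lines are copied from the thread, the group list is assumed.
THREAD_CONF = """\
permit nopass marietto as root cmd bhyve-lin
permit nopass marietto as root cmd bhyve-win
"""
FIRST_CONF = "permit nopass :marietto cmd bhyve\n"

if __name__ == "__main__":
    rules, groups = parse_rules(THREAD_CONF), ["wheel"]
    for typed in ("/usr/sbin/./bhyve-lin", "bhyve-lin"):
        print(f"{typed!r:26} -> {decide(rules, 'marietto', groups, typed)}")
    print("':marietto' group rule     ->", decide(parse_rules(FIRST_CONF), "marietto", groups, "bhyve"))
```

When no rule matches, doas exits with "Operation not permitted". A rule written with an absolute path in cmd and the same absolute path typed on the command line compare equal.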