Re: How to launch a bhyve vm as normal user,without being root

From: Mario Marietto <marietto2008_at_gmail.com>
Date: Mon, 17 Jun 2024 20:43:33 UTC
I had an illumination and I found how it works :

[marietto@marietto /bhyve]==> doas /bhyve/12-Win-11-vm12

But why ?


On Mon, Jun 17, 2024 at 10:15 PM Mario Marietto <marietto2008@gmail.com>
wrote:

> nano /usr/local/etc/doas.conf :
>
> permit nopass :wheel as root cmd bhyve-win
> permit nopass :wheel as root cmd bhyve-lin
> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
>
> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
> doas: Operation not permitted
>
> On Mon, Jun 17, 2024 at 9:50 PM Mark Peek <mp@freebsd.org> wrote:
>
>> Likely because you don't have this in the doas.conf file:
>>
>> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
>>
>>
>> On Mon, Jun 17, 2024 at 11:35 AM Mario Marietto <marietto2008@gmail.com>
>> wrote:
>>
>>> If I keep the bhyve scripts in /usr/sbin, it works. But I want to keep
>>> the bhyve scripts in /bhyve and I don't want to keep them in /usr/sbin. For
>>> this reason I've added the path /bhyve to /home/marietto/.zshrc like this :
>>>
>>> # ~/.zshrc
>>>
>>> # zsh autocompletion for sudo and doas
>>> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>>>
>>> and in /root/.zshrc :
>>>
>>> # zsh autocompletion for sudo and doas
>>> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>>>
>>> but when I try to run the vm like this :
>>>
>>> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
>>>
>>> it says :
>>>
>>> doas: 12-Win-11-vm12: command not found
>>>
>>> and when I do :
>>>
>>> [marietto@marietto /bhyve]==> doas ./12-Win-11-vm12
>>>
>>> it says :
>>>
>>> doas: Operation not permitted
>>>
>>> Why ?
>>>
>>>
>>> On Mon, Jun 17, 2024 at 7:53 PM Mark Peek <mp@freebsd.org> wrote:
>>>
>>>> Likely need to add this as it is what you are passing to doas as the
>>>> command to execute:
>>>>
>>>> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>>>>
>>>> Mark
>>>>
>>>> On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto <marietto2008@gmail.com>
>>>> wrote:
>>>> >
>>>> > [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>>>> >
>>>> > [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>>>> >
>>>> > #!/bin/sh
>>>> >
>>>> > bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>>>> > -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>>>> > -s 0,hostbridge \
>>>> > -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
>>>> > -s 2,ahci-hd,/dev/$vmdisk5 \
>>>> > -s 8:0,passthru,2/0/0 \
>>>> > -s 8:1,passthru,2/0/1 \
>>>> > -s 8:2,passthru,2/0/2 \
>>>> > -s 8:3,passthru,2/0/3 \
>>>> > -s 13,virtio-net,tap12 \
>>>> > -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
>>>> > -s 30,xhci,tablet \
>>>> > -s 31,lpc \
>>>> > -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
>>>> > vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>>>> >
>>>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>>>> >
>>>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>>>> >
>>>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>>>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>>>> >
>>>> > [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
>>>> > doas: Operation not permitted
>>>> >
>>>> > BUT :
>>>> >
>>>> > [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>>>> >
>>>> > #!/bin/sh
>>>> > echo hallo $USER
>>>> >
>>>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>>>> >
>>>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>>>> >
>>>> > permit nopass :wheel as root cmd hallo
>>>> >
>>>> > [marietto@marietto /bhyve]==> doas hallo
>>>> >
>>>> > BOOM ! it works :
>>>> >
>>>> > hallo root
>>>> >
>>>> > On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber <dch@skunkwerks.at> wrote:
>>>> >>
>>>> >> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>>>> >> > Nice idea, but it does not work:
>>>> >> >
>>>> >> > nano /home/marietto/.zshrc
>>>> >> >
>>>> >> > # ~/.zshrc
>>>> >>
>>>> >> Hi Mario, I think your zsh stuff is getting in the way
>>>> >> here. Your zshrc function is not visible to the root user,
>>>> >> as doas cleans up all the env and so your function is unknown.
>>>> >>
>>>> >> So start off with something without bhyve, make sure you are in
>>>> >> wheel group, and add a shell script called
>>>> >> /usr/local/bin/hallo:
>>>> >>
>>>> >> ```
>>>> >> #!/bin/sh
>>>> >> echo hallo $USER
>>>> >> ```
>>>> >>
>>>> >> chmod 0755 /usr/local/bin/hallo
>>>> >>
>>>> >> ```
>>>> >> # /usr/local/etc/doas.conf (per doas.conf manpage)
>>>> >> permit nopass :wheel as root cmd /usr/local/bin/hallo
>>>> >> ```
>>>> >>
>>>> >> $ doas /usr/local/bin/hallo
>>>> >> hallo root
>>>> >>
>>>> >> then replace your bhyve commands in the hallo script.
>>>> >>
>>>> >> Off the top of my head there's no reason for bhyve to need
>>>> >> anything different to hallo script.
>>>> >> A+
>>>> >> Dave

-- 
Mario.
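
Added example, not part of the original thread: a simplified Python model of how doas evaluates the `cmd` field, assuming (per doas.conf(5)) that the string typed after `doas` is compared literally with the rule's `cmd` value and that the last matching rule wins. The rule set is the one quoted in the 10:15 PM message; `parse_rules`, `decide` and `relative_cmd_rules` are hypothetical names, and the caller is assumed to be in wheel.

```python
import shlex

# Constructed sample: the three rules quoted in the 10:15 PM message above.
DOAS_CONF = """\
# /usr/local/etc/doas.conf
permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
"""


def parse_rules(text):
    """Parse the subset of doas.conf used in the thread: action ... [cmd X]."""
    rules = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if not words:
            continue
        cmd = None
        if "cmd" in words[:-1]:
            cmd = words[words.index("cmd") + 1]
        rules.append({"action": words[0], "cmd": cmd})
    return rules


def decide(rules, typed):
    """Verdict for the command string exactly as typed after `doas`.

    Assumes the caller is in wheel, so only the cmd field decides.
    """
    verdict = "deny"  # no matching rule: shown as "Operation not permitted"
    for rule in rules:  # the last matching rule wins
        if rule["cmd"] is None or rule["cmd"] == typed:  # literal comparison
            verdict = rule["action"]
    return verdict


def relative_cmd_rules(rules):
    """cmd values that are not absolute paths (doas.conf(5) advises absolute)."""
    return [r["cmd"] for r in rules if r["cmd"] and not r["cmd"].startswith("/")]


if __name__ == "__main__":
    rules = parse_rules(DOAS_CONF)
    for typed in ("12-Win-11-vm12", "./12-Win-11-vm12", "/bhyve/12-Win-11-vm12"):
        print(f"doas {typed:24} -> {decide(rules, typed)}")
    print("rules with a relative cmd:", relative_cmd_rules(rules))
```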