Re: How to launch a bhyve vm as normal user, without being root

From: Mark Peek <mp_at_freebsd.org>
Date: Mon, 17 Jun 2024 20:45:56 UTC
I was just responding...

Works for me using the full path to the command. You should try as well
with the full path to the command.

$ ls -l /bhyve/12-Win-11-vm12
-rwxr-xr-x  1 root wheel 22 Jun 17 13:25 /bhyve/12-Win-11-vm12
$ cat !$
cat /bhyve/12-Win-11-vm12
#!/bin/sh

echo $USER
$ ls -l /bhyve/12-Win-11-vm12
-rwxr-xr-x  1 root wheel 22 Jun 17 13:25 /bhyve/12-Win-11-vm12
$ cat /bhyve/12-Win-11-vm12
#!/bin/sh

echo $USER
$ cat /usr/local/etc/doas.conf
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
$ doas /bhyve/12-Win-11-vm12
root
$ doas 12-Win-11-vm12
doas: Operation not permitted

This last failure is likely an issue with how PATH interacts with doas. You
should move this to another mailing list as this is more about "doas" than
"bhyve".


On Mon, Jun 17, 2024 at 1:44 PM Mario Marietto <marietto2008@gmail.com>
wrote:

> I had an illumination and I found how it works:
>
> [marietto@marietto /bhyve]==> doas /bhyve/12-Win-11-vm12
>
> But why?
>
>
> On Mon, Jun 17, 2024 at 10:15 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
>> nano /usr/local/etc/doas.conf :
>>
>> permit nopass :wheel as root cmd bhyve-win
>> permit nopass :wheel as root cmd bhyve-lin
>> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
>>
>> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
>> doas: Operation not permitted
>>
>> On Mon, Jun 17, 2024 at 9:50 PM Mark Peek <mp@freebsd.org> wrote:
>>
>>> Likely because you don't have this in the doas.conf file:
>>>
>>> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
>>>
>>>
>>> On Mon, Jun 17, 2024 at 11:35 AM Mario Marietto <marietto2008@gmail.com>
>>> wrote:
>>>
>>>> If I keep the bhyve scripts in /usr/sbin, it works. But I want to keep
>>>> the bhyve scripts in /bhyve and I don't want to keep them in /usr/sbin. For
>>>> this reason I've added the path /bhyve to /home/marietto/.zshrc like this:
>>>>
>>>> # ~/.zshrc
>>>>
>>>> # zsh autocompletion for sudo and doas
>>>> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>>>>
>>>> and in /root/.zshrc :
>>>>
>>>> # zsh autocompletion for sudo and doas
>>>> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>>>>
>>>> but when I try to run the vm like this:
>>>>
>>>> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
>>>>
>>>> it says:
>>>>
>>>> doas: 12-Win-11-vm12: command not found
>>>>
>>>> and when I do:
>>>>
>>>> [marietto@marietto /bhyve]==> doas ./12-Win-11-vm12
>>>>
>>>> it says:
>>>>
>>>> doas: Operation not permitted
>>>>
>>>> Why?
>>>>
>>>>
>>>> On Mon, Jun 17, 2024 at 7:53 PM Mark Peek <mp@freebsd.org> wrote:
>>>>
>>>>> Likely need to add this as it is what you are passing to doas as the
>>>>> command to execute:
>>>>>
>>>>> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>>>>>
>>>>> Mark
>>>>>
>>>>> On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto <marietto2008@gmail.com> wrote:
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>>>>> >
>>>>> > #!/bin/sh
>>>>> >
>>>>> > bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>>>>> > -s 0,hostbridge \
>>>>> > -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
>>>>> > -s 2,ahci-hd,/dev/$vmdisk5 \
>>>>> > -s 8:0,passthru,2/0/0 \
>>>>> > -s 8:1,passthru,2/0/1 \
>>>>> > -s 8:2,passthru,2/0/2 \
>>>>> > -s 8:3,passthru,2/0/3 \
>>>>> > -s 13,virtio-net,tap12 \
>>>>> > -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
>>>>> > -s 30,xhci,tablet \
>>>>> > -s 31,lpc \
>>>>> > -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
>>>>> > vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>>>>> >
>>>>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>>>>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
>>>>> > doas: Operation not permitted
>>>>> >
>>>>> > BUT :
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>>>>> >
>>>>> > #!/bin/sh
>>>>> > echo hallo $USER
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>>>>> >
>>>>> > permit nopass :wheel as root cmd hallo
>>>>> >
>>>>> > [marietto@marietto /bhyve]==> doas hallo
>>>>> >
>>>>> > BOOM! It works:
>>>>> >
>>>>> > hallo root
>>>>> >
>>>>> > On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber <dch@skunkwerks.at> wrote:
>>>>> >>
>>>>> >> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>>>>> >> > Nice idea, but it does not work:
>>>>> >> >
>>>>> >> > nano /home/marietto/.zshrc
>>>>> >> >
>>>>> >> > # ~/.zshrc
>>>>> >>
>>>>> >> Hi Mario, I think your zsh stuff is getting in the way
>>>>> >> here. Your zshrc function is not visible to the root user,
>>>>> >> as doas cleans up all the env and so your function is unknown.
>>>>> >>
>>>>> >> So start off with something without bhyve, make sure you are in
>>>>> >> wheel group, and add a shell script called
>>>>> >> /usr/local/bin/hallo:
>>>>> >>
>>>>> >> ```
>>>>> >> #!/bin/sh
>>>>> >> echo hallo $USER
>>>>> >> ```
>>>>> >>
>>>>> >> chmod 0755 /usr/local/bin/hallo
>>>>> >>
>>>>> >> ```
>>>>> >> # /usr/local/etc/doas.conf (per doas.conf manpage)
>>>>> >> permit nopass :wheel as root cmd /usr/local/bin/hallo
>>>>> >> ```
>>>>> >>
>>>>> >> $ doas /usr/local/bin/hallo
>>>>> >> hallo root
>>>>> >>
>>>>> >> then replace your bhyve commands in the hallo script.
>>>>> >>
>>>>> >> Off the top of my head there's no reason for bhyve to need
>>>>> >> anything different to hallo script.
>>>>> >> A+
>>>>> >> Dave
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Mario.
>>>>>
>>>>
>>>>
>>>> --
>>>> Mario.
>>>>
>>>
>>
>> --
>> Mario.
>>
>
>
> --
> Mario.
>
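The behaviour the thread circles around (a rule written with the full path admits `doas /bhyve/12-Win-11-vm12` but rejects `doas 12-Win-11-vm12` and `doas ./12-Win-11-vm12`, while a rule written as the bare name `hallo` admits `doas hallo`) follows from doas comparing the `cmd` in the rule literally against the command string exactly as typed, before any PATH lookup happens, and from the last matching rule deciding the outcome. The following Python model is an added example written for this thread; it is not doas's code and not code from any participant. It parses doas.conf-style `permit`/`deny` lines (identity, `:group`, `as`, `cmd`; `args`, `setenv` and `persist` state are deliberately not modelled) and evaluates a request the way the thread's observations show doas does. The configuration and the user name `marietto` in it are constructed from the thread; the `layered` configuration in the usage is constructed here to show last-match-wins. From a hardening point of view this is why full-path `cmd` rules are preferable: the rule then names one unambiguous file rather than whatever a later PATH lookup resolves a bare name to.

```python
"""Model of doas.conf rule matching (added illustration, not doas's own code).

It models what the thread exposes: the rule's cmd is compared literally
against the command string as typed (no path resolution before the
decision), ':group' identities, optional 'as <target>', and the last
matching rule wins.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

OPTIONS = {"nopass", "persist", "keepenv", "nolog"}


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    identity: str                    # "user" or ":group"
    options: Set[str] = field(default_factory=set)
    target: Optional[str] = None     # value of "as <target>", None = any target
    cmd: Optional[str] = None        # value of "cmd <command>", None = any command


def parse_conf(text: str) -> List[Rule]:
    """Parse doas.conf-style lines; comments and blank lines are skipped."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        toks = line.split()
        action = toks.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in rule: {raw!r}")
        options = set()
        while toks and toks[0] in OPTIONS:
            options.add(toks.pop(0))
        if not toks:
            raise ValueError(f"missing identity in rule: {raw!r}")
        identity = toks.pop(0)
        target = cmd = None
        while toks:
            key = toks.pop(0)
            if key == "as" and toks:
                target = toks.pop(0)
            elif key == "cmd" and toks:
                cmd = toks.pop(0)
            elif key == "args":
                break                # argument matching is not modelled here
            else:
                raise ValueError(f"unexpected token {key!r} in rule: {raw!r}")
        rules.append(Rule(action, identity, options, target, cmd))
    return rules


def rule_matches(rule: Rule, user: str, groups: Set[str], target: str, cmd: str) -> bool:
    """Does one rule apply to this request? The command is compared literally."""
    if rule.identity.startswith(":"):
        if rule.identity[1:] not in groups:
            return False
    elif rule.identity != user:
        return False
    if rule.target is not None and rule.target != target:
        return False
    # "/bhyve/x", "./x" and "x" are three different strings, so a full-path
    # rule rejects the bare and relative forms, and a bare-name rule rejects
    # the full path. PATH resolution only happens at exec time, after this.
    if rule.cmd is not None and rule.cmd != cmd:
        return False
    return True


def decide(rules: List[Rule], user: str, groups: Set[str], target: str, cmd: str) -> Optional[Rule]:
    """Return the last matching rule, or None when no rule matches."""
    last = None
    for rule in rules:
        if rule_matches(rule, user, groups, target, cmd):
            last = rule
    return last


def permitted(rules: List[Rule], user: str, groups: Set[str], target: str, cmd: str) -> bool:
    rule = decide(rules, user, groups, target, cmd)
    return rule is not None and rule.action == "permit"


# Constructed configuration mirroring the two rule styles seen in the thread.
SAMPLE_CONF = """\
# /usr/local/etc/doas.conf (constructed sample, not the poster's file)
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
permit nopass :wheel as root cmd hallo
"""

if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for typed in ("/bhyve/12-Win-11-vm12", "./12-Win-11-vm12", "12-Win-11-vm12", "hallo"):
        verdict = "permitted" if permitted(rules, "marietto", {"wheel"}, "root", typed) else "denied"
        print(f"doas {typed:24} -> {verdict}")
    # Constructed two-rule file showing that a later deny overrides an earlier permit.
    layered = parse_conf("permit :wheel\ndeny marietto cmd hallo\n")
    print("marietto hallo ->", permitted(layered, "marietto", {"wheel"}, "root", "hallo"))
```

Run it and the four requests from the thread come back in the order permitted, denied, denied, permitted, which is exactly what the posters observed. The `layered` case shows the other property worth remembering when auditing a doas.conf: rule order matters, and the last rule that matches is the one that decides.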