Unable to create OpenBSD 6.0 bhyve guest
Shawn Webb
shawn.webb at hardenedbsd.org
Fri Feb 10 18:27:30 UTC 2017
On Friday, 10 February 2017 06:15:13 PM C. L. Martinez wrote:
> Hi all,
>
> I am trying to create an OpenBSD 6.0 virtual guest under FreeBSD 11 bhyve
> server. When I try list cd contents, segmentation faults appears:
>
> grub-bhyve -d /data/vms/conf/obsdfwwif -m device.map -r cd0 obsdfwwif
>
>
> GNU
> GRUB version 2.00
>
> Minimal BASH-like line editing is supported. For the first word, TAB
> lists possible command completions. Anywhere else TAB lists possible device
> or file completions.
>
>
> grub>ls
> Segmentation fault
>
Hey C.L. Martinez,
This is because grub-bhyve creates memory mappings that are both writable and
executable, something that is disallowed by default on HardenedBSD.
You'll need to add a secadm rule to disable pageexec and mprotect restrictions
for grub-bhyve. You can find a sample rule here:
https://github.com/HardenedBSD/secadm-rules/blob/master/grub-bhyve.rule
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freebsd.org/pipermail/freebsd-virtualization/attachments/20170210/dd597e0f/attachment.sig>
More information about the freebsd-virtualization
mailing list