Bug 213689 - Allow bhyve to run from non-root user
Summary: Allow bhyve to run from non-root user
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: freebsd-virtualization (Nobody)
Keywords: patch
Reported: 2016-10-21 19:26 UTC by Vasily Postnicov
Modified: 2023-01-04 19:13 UTC (History)

Attachments
The patch (10.16 KB, patch)
2016-10-21 19:26 UTC, Vasily Postnicov
The patch (locking fixed) (10.36 KB, patch)
2016-10-21 20:11 UTC, Vasily Postnicov
The patch (10.48 KB, patch)
2016-10-27 15:09 UTC, Vasily Postnicov

Description Vasily Postnicov 2016-10-21 19:26:44 UTC
Created attachment 176037
The patch

Hello. I've tried the new bhyve from FreeBSD 11.0 with its new graphics support. It's great, many thanks to the developers. I do not need VirtualBox anymore!

The only annoying problem with it is the inability to run a virtual machine as an ordinary (non-root) user.

I've written a fast fix for this. It adds a /dev/vmmctl device when the vmm module is loaded. Then you can set any permissions on it by editing /etc/devfs.conf, for example, or simply calling chown/chmod. Users who can read from / write to this device can create, open and destroy virtual machines. The devices in /dev/vmm and /dev/vmm.io are created with the UID of the user who creates them. The old way of creating or destroying virtual machines was removed ("beavis" sysctls), and libvmmapi is changed correspondingly with the kernel.

Please tell me what you think.
As for me, I added myself to a group bhyveusr and added the following to /etc/devfs.conf:

own   vmmctl   root:bhyveusr
perm  vmmctl   0660
Comment 1 Vasily Postnicov 2016-10-21 20:11:16 UTC
Created attachment 176039
The patch (locking fixed)

Just thought that you may want to call malloc / make_dev_p without vmmdev_mtx being held. Fixed this in my patch.
Comment 2 Vasily Postnicov 2016-10-27 15:09:35 UTC
Created attachment 176218
The patch

Just found another issue. I forgot to check the ioctl return code in libvmmapi. Fixed it now. Virtual machine re-initialization works fine now. BTW, is anyone (still) interested?
Comment 3 Peter Grehan freebsd_committer freebsd_triage 2016-10-27 15:17:27 UTC
Thanks for this work.

Unfortunately, there are a number of other changes in bhyve that need to be done before it can be run as non-root. Sandboxing the process with Capsicum and other means is probably mandatory, but there is also the issue of accounting for the use of guest memory in process resources, and destroying this on process exit.

However, the work you've done with creating the VM through something other than sysctl is the right way to do it, and a modified version of that will show up at some point.
Comment 4 Vasily Postnicov 2016-10-27 17:25:36 UTC
(In reply to Peter Grehan from comment #3)

Thanks for the answer. Well, I will be waiting for this much needed feature :)
Comment 5 shamaz.mazum 2018-11-19 17:19:02 UTC
Hello again!

I am currently using the /dev/vmmctl device to allow non-root users to use bhyve as I described above. Unfortunately, this approach does not allow me to use PCI device pass-through, as it demands access to /dev/pci, /dev/io and /dev/mem (as far as I remember).

After updating to 12.0-RC1 I have noticed that ntpd uses the MAC framework now (I didn't know about MAC's existence before).

Can this approach (writing a specific MAC policy module) be used to grant an unprivileged bhyve process access to certain files in /dev?

What other solutions to this problem could there be?
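
As an added example (not part of the bug report or the attached patch), the sh function below audits devfs.conf rules for the device nodes named in this thread: vmmctl as proposed in the description, and pci, io and mem from comment 5. The function name, the output labels and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which devfs.conf rules widen write access to the
# device nodes discussed in this bug. Pass a file name, or "-" for stdin.
audit_devfs_conf() {
    awk '
    function wbit(d) { return int(d / 2) % 2 }   # 1 if the octal digit has the write bit
    NF < 3 || $1 ~ /^#/ { next }                 # skip comments, blanks, short lines
    $1 == "own"  { own[$2]  = $3 }               # own  <device> <user>:<group>
    $1 == "perm" { perm[$2] = $3 }               # perm <device> <octal mode>
    END {
        n = split("vmmctl pci io mem", watch, " ")
        for (i = 1; i <= n; i++) {
            dev = watch[i]
            if (!(dev in perm)) continue         # no perm rule: devfs default applies
            m = perm[dev]
            grp = "default"
            if (dev in own) {
                split(own[dev], og, ":")
                if (og[2] != "") grp = og[2]
            }
            g = substr(m, length(m) - 1, 1) + 0  # group digit of the mode
            o = substr(m, length(m), 1) + 0      # other digit of the mode
            if (wbit(o))
                printf "HIGH %s mode=%s world-writable\n", dev, m
            else if (wbit(g) && dev == "vmmctl")
                printf "INFO %s mode=%s group=%s controls VMs\n", dev, m, grp
            else if (wbit(g))
                printf "WARN %s mode=%s group=%s can write\n", dev, m, grp
        }
    }' "$1"
}

# Constructed sample: the rule pair from the description, followed by
# hypothetical grants of the kind an admin might add for pass-through.
audit_devfs_conf - <<'EOF'
own   vmmctl   root:bhyveusr
perm  vmmctl   0660
own   pci      root:bhyveusr
perm  pci      0660
perm  io       0666
EOF
```

Only `perm` rules present in the file are evaluated; nodes left at their devfs defaults produce no output.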