Created attachment 176037
Hello. I've tried the new bhyve from FreeBSD 11.0, with its new graphics support; it's great, many thanks to the developers. I do not need VirtualBox anymore!
The only annoying problem with it is the inability to run a virtual machine as an ordinary (non-root) user.
I've written a fast fix for this. It adds a /dev/vmmctl device when the vmm module is loaded. Then you can set any permissions on it, by editing /etc/devfs.conf, for example, or simply by calling chown/chmod. Those users who can read from / write to this device can create, open and destroy virtual machines. The devices in /dev/vmm and /dev/vmm.io are created with the UID of the user who creates them. The old way of creating or destroying virtual machines was removed (the "beavis" sysctls); libvmmapi is changed correspondingly, together with the kernel.
Please tell me what you think.
As for me, I added myself to the group bhyveusr and added the following to /etc/devfs.conf:
own vmmctl root:bhyveusr
perm vmmctl 0660
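The following is an added example, not part of this bug report and not code from bhyve or FreeBSD. It turns the two devfs.conf lines above into a small script that emits those rules and then verifies what devfs actually produced: the node exists (i.e. the patched vmm module is loaded), the group is the one from the post, the mode is exactly what was requested, and no "other" bits are set, since anyone who can open the control node can create and destroy VMs. The device path /dev/vmmctl, the group name bhyveusr and the mode 0660 are assumptions taken from the post, not FreeBSD defaults; the script tries GNU stat(1) first and falls back to BSD stat(1) so the check runs on both.

```shell
#!/bin/sh
# Added example, not from the bug report or from bhyve/FreeBSD itself.
# Applies the devfs.conf approach from the post and checks the result.
# Assumptions (taken from the post; none of these is a FreeBSD default):
#   - the control node is /dev/vmmctl, created when the patched vmm.ko loads
#   - the group allowed to run bhyve is called bhyveusr
#   - the intended mode is 0660

VMMCTL_DEV="${VMMCTL_DEV:-/dev/vmmctl}"
VMMCTL_GROUP="${VMMCTL_GROUP:-bhyveusr}"
VMMCTL_MODE="${VMMCTL_MODE:-0660}"

# Emit the two devfs.conf(5) lines for the node. devfs.conf takes paths
# relative to /dev, so a leading /dev/ is stripped.
devfs_rules() {
    node="${1:-$VMMCTL_DEV}"; group="${2:-$VMMCTL_GROUP}"; mode="${3:-$VMMCTL_MODE}"
    node="${node#/dev/}"
    printf 'own %s root:%s\nperm %s %s\n' "$node" "$group" "$node" "$mode"
}

# Print "<octal-mode> <group-name>" for a path. GNU stat(1) takes -c,
# BSD stat(1) takes -f; GNU is tried first so the script works on both.
node_mode_group() {
    stat -c '%a %G' "$1" 2>/dev/null || stat -f '%OLp %Sg' "$1"
}

# Return 0 only if the node exists, belongs to the expected group, has
# exactly the expected permission bits and grants nothing to "other".
# Anyone who can open the control node can create and destroy VMs, so a
# world-accessible node (0666, 0664, ...) is rejected even when that is
# what devfs.conf asked for.
check_devnode() {
    node="$1"; want_group="$2"; want_mode="$3"
    if [ ! -e "$node" ]; then
        echo "$node: does not exist (is the vmm module loaded?)" >&2
        return 1
    fi
    info=$(node_mode_group "$node") || return 1
    set -- $info
    have_mode="$1"; have_group="$2"
    if [ "$have_group" != "$want_group" ]; then
        echo "$node: group is $have_group, expected $want_group" >&2
        return 1
    fi
    # A leading 0 makes the shell parse the string as octal, whichever
    # stat printed it and whether or not it already had a leading zero.
    if [ "$((0$have_mode))" -ne "$((0$want_mode))" ]; then
        echo "$node: mode is $have_mode, expected $want_mode" >&2
        return 1
    fi
    if [ "$((0$have_mode & 7))" -ne 0 ]; then
        echo "$node: mode $have_mode grants access to everyone" >&2
        return 1
    fi
    return 0
}

case "${1:-}" in
    rules) devfs_rules ;;   # print the lines to paste into /etc/devfs.conf
    check) check_devnode "$VMMCTL_DEV" "$VMMCTL_GROUP" "$VMMCTL_MODE" ;;
esac
```

Run it as `sh vmmctl-devfs.sh rules >> /etc/devfs.conf` once, then `sh vmmctl-devfs.sh check` after each `kldload vmm` (or `service devfs restart`) to confirm the node came up with the intended owner and mode. Note that, as the later comments in this report point out, this only governs the control node: PCI pass-through still needs /dev/pci, /dev/io and /dev/mem, which this does not cover.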
Created attachment 176039
The patch (locking fixed)
Just thought that you might want to call malloc / make_dev_p without vmmdev_mtx being held. Fixed this in my patch.
Created attachment 176218
Just found another issue. I forgot to check the ioctl return code in libvmmapi. Fixed it now. Virtual machine re-initialization works fine now. BTW, is anyone (still) interested?
Thanks for this work.
Unfortunately, there are a number of other changes in bhyve that need to be done before it can be run as non-root. Sandboxing the process with Capsicum and other means is probably mandatory, but there is also the issue of accounting for the use of guest memory in process resources, and destroying this on process exit.
However, the work you've done with creating the VM through something other than sysctl is the right way to do it, and a modified version of that will show up at some point.
(In reply to Peter Grehan from comment #3)
Thanks for the answer. Well, I will be waiting for this much needed feature :)
I am currently using the /dev/vmmctl device to allow non-root users to use bhyve, as I described above. Unfortunately, this approach does not allow me to use PCI device pass-through, as it demands access to /dev/pci, /dev/io and /dev/mem (as far as I remember).
After updating to 12.0-RC1 I noticed that ntpd uses the MAC framework now (I didn't know about MAC's existence before).
Can this approach (writing a specific MAC policy module) be used to grant an unprivileged bhyve process access to certain files in /dev?
What other solutions to this problem could there be?