From nobody Mon Jun 17 06:21:24 2024
From: Corvin Köhne
To: Peter Grehan
Cc: virtualization@freebsd.org, Oleksandr Kryvulia
Date: Mon, 17 Jun 2024 08:21:24 +0200
Subject: Re: bhyve passthru problem
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On Fri, 2024-06-14 at 17:50 +1000, Peter Grehan wrote:
> > I don't know why bhyve validates the BAR size. The commit adding this
> > check is old [1] and doesn't explain it. What bhyve could do is
> > rounding up the BAR size to a full page size when allocating memory for
> > the BAR.
> >
> > [1] https://github.com/freebsd/freebsd-src/commit/7a902ec0eccc752c9c38533ed123121eaaea1225
>
>   At the time, BIOSs would often place device BARs of less than a page
> size in the same physical page. Since EPT only gives page granularity,
> this would result in all those devices being available to the guest even
> if they hadn't been passed through.
>
> later,
>
> Peter.
>

Thanks for the explanation! What can we do about it? Does FreeBSD remap
BARs if they aren't page aligned? If not, can we verify that the page
is only used by a specific device?

--
Kind regards,
Corvin

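The check asked about in the message above (is the page used only by one device?), as an added example that is not bhyve or FreeBSD code: it rounds a BAR out to page boundaries, as proposed in the thread, and refuses the mapping when another device's BAR falls inside those pages. `struct host_bar`, the function names, the 4 KiB page size and the BAR layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EPT_PAGE 0x1000ULL /* assumption: 4 KiB mappings, the finest EPT granularity */

/* Hypothetical record of one host memory BAR; not a bhyve structure. */
struct host_bar {
	const char *dev; /* owner label, e.g. bus/slot/func (constructed) */
	uint64_t base;   /* host physical address chosen by firmware */
	uint64_t size;   /* BAR size in bytes */
};

enum bar_verdict {
	BAR_INVALID,   /* zero size or address range wraps */
	BAR_ALIGNED,   /* page aligned, whole pages: map as is */
	BAR_ROUNDABLE, /* sub-page, but its pages hold no foreign BAR */
	BAR_SHARED     /* a page also holds another device's BAR: refuse */
};

/* Compute [lo, hi) for a BAR; -1 if the range is empty or wraps. */
static int
bar_range(const struct host_bar *b, uint64_t *lo, uint64_t *hi)
{
	if (b->size == 0 || b->size > UINT64_MAX - b->base)
		return (-1);
	*lo = b->base;
	*hi = b->base + b->size; /* exclusive end */
	return (0);
}

/*
 * Index of the first BAR of a different device that lies in any page the
 * guest would gain by mapping bars[idx] at page granularity, or -1.
 */
int
bar_page_conflict(const struct host_bar *bars, size_t n, size_t idx)
{
	uint64_t lo, hi, olo, ohi;

	if (bar_range(&bars[idx], &lo, &hi) != 0)
		return (-1);
	lo &= ~(EPT_PAGE - 1);          /* first byte of first mapped page */
	hi = (hi - 1) | (EPT_PAGE - 1); /* last byte of last mapped page */
	for (size_t i = 0; i < n; i++) {
		if (i == idx || strcmp(bars[i].dev, bars[idx].dev) == 0)
			continue; /* a device may share a page with itself */
		if (bar_range(&bars[i], &olo, &ohi) != 0)
			continue;
		if (olo <= hi && ohi - 1 >= lo)
			return ((int)i);
	}
	return (-1);
}

/* Decide whether bars[idx] can be handed to a guest without leaking a neighbour. */
enum bar_verdict
bar_classify(const struct host_bar *bars, size_t n, size_t idx)
{
	uint64_t lo, hi;

	if (idx >= n || bar_range(&bars[idx], &lo, &hi) != 0)
		return (BAR_INVALID);
	if (bar_page_conflict(bars, n, idx) >= 0)
		return (BAR_SHARED);
	if ((lo | bars[idx].size) & (EPT_PAGE - 1))
		return (BAR_ROUNDABLE); /* rounding up to a full page is safe */
	return (BAR_ALIGNED);
}

/* Constructed layout: two sub-page BARs of different devices in one page. */
const struct host_bar sample_bars[] = {
	{ "2/0/0",  0xfe000000ULL, 0x100000 }, /* 1 MiB, aligned */
	{ "0/20/0", 0xfe100000ULL, 0x100 },    /* 256 B at page start */
	{ "0/31/3", 0xfe100100ULL, 0x100 },    /* 256 B in the same page */
	{ "0/22/0", 0xfe102000ULL, 0x800 },    /* 2 KiB, alone in its page */
};
#define NBARS (sizeof(sample_bars) / sizeof(sample_bars[0]))

int
main(void)
{
	static const char *names[] = { "invalid", "aligned", "roundable", "shared" };

	for (size_t i = 0; i < NBARS; i++) {
		int other = bar_page_conflict(sample_bars, NBARS, i);
		printf("%-7s base=0x%llx size=0x%llx -> %s", sample_bars[i].dev,
		    (unsigned long long)sample_bars[i].base,
		    (unsigned long long)sample_bars[i].size,
		    names[bar_classify(sample_bars, NBARS, i)]);
		if (other >= 0)
			printf(" (page also holds %s)", sample_bars[other].dev);
		printf("\n");
	}
	return (0);
}
```
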
From nobody Mon Jun 17 11:18:26 2024
From: Mario Marietto
To: FreeBSD virtualization
Date: Mon, 17 Jun 2024 13:18:26 +0200
Subject: How to launch a bhyve vm as normal user,without being root

Hello.

Has any of you been able to launch a bhyve vm as a user using doas?

I'm trying but without success. First of all I created my doas.conf :


nano /usr/local/etc/doas.conf

permit nopass :marietto cmd bhyve
permit nopass :marietto cmd vm-create

and then I tried to launch the vm below :


doas bhyve -S -c sockets=2,cores=2,threads=2 -m 8G -w -H -A \
-s 0,hostbridge \
-s 1,ahci-hd,/mnt/zroot-133/bhyve/img/Linux/Debian-now.img,bootindex=1 \
-s 11,hda,play=/dev/dsp,rec=/dev/dsp \
-s 13,virtio-net,tap16 \
-s 14,virtio-9p,sharename=/ \
-s 29,fbuf,tcp=0.0.0.0:5916,w=1600,h=950,wait \
-s 30,xhci,tablet \
-s 31,lpc \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
vm0:16 < /dev/null & sleep 2 && vncviewer 0:16


The error is : vm_create: Operation not permitted


These variations don't work :


permit nopass :wheel cmd bhyve

permit nopass :wheel cmd vm_create

permit nopass marietto cmd bhyve

permit nopass marietto cmd vm_create


Doas/Sudo is being root, but it does not work. But if I become root, I can launch a bhyve vm.

--
Mario.

From nobody Mon Jun 17 12:23:22 2024
From: Odhiambo Washington
To: Mario Marietto
Cc: FreeBSD virtualization
Date: Mon, 17 Jun 2024 15:23:22 +0300
Subject: Re: How to launch a bhyve vm as normal user,without being root

On Mon, Jun 17, 2024 at 2:19 PM Mario Marietto wrote:

> Hello.
>
> someone of you has been able to launch a bhyve vm as user using doas ?
>
> I'm trying but without success. First of all I created my doas.conf :
>
>
> nano /usr/local/etc/doas.conf
>
> permit nopass :marietto cmd bhyve
> permit nopass :marietto cmd vm-create
>
>
permit nopass marietto as root cmd bhyve

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]

From nobody Mon Jun 17 14:12:51 2024
From: Mario Marietto
To: Odhiambo Washington
Cc: FreeBSD virtualization
Date: Mon, 17 Jun 2024 16:12:51 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root

Nice idea,but it does not work :

nano /home/marietto/.zshrc

# ~/.zshrc
# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

nano doas.conf

permit nopass marietto as root cmd bhyve-lin
permit nopass marietto as root cmd bhyve-win

nano 10-Debian-Now_wine-tkg-vm10

doas /usr/sbin/./bhyve-lin -S -c sockets=2,cores=2,threads=2 -m 8G -w -H -A \
-s 0,hostbridge \
-s 1,ahci-hd,/mnt/zroot-133/bhyve/img/Linux/Debian-now-wine-tkg.img,bootindex=1 \
-s 11,hda,play=/dev/dsp,rec=/dev/dsp \
-s 13,virtio-net,tap10 \
-s 14,virtio-9p,sharename=/ \
-s 29,fbuf,tcp=0.0.0.0:5910,w=1600,h=950,wait \
-s 30,xhci,tablet \
-s 31,lpc \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
vm0:10 < /dev/null & sleep 2 && vncviewer 0:10

=

doas: Operation not permitted

On Mon, Jun 17, 2024 at 2:24 PM Odhiambo Washington wrote:

>
>
> On Mon, Jun 17, 2024 at 2:19 PM Mario Marietto wrote:
>
>> Hello.
>>
>> someone of you has been able to launch a bhyve vm as user using doas ?
>>
>> I'm trying but without success. First of all I created my doas.conf :
>>
>>
>> nano /usr/local/etc/doas.conf
>>
>> permit nopass :marietto cmd bhyve
>> permit nopass :marietto cmd vm-create
>>
>>
> permit nopass marietto as root cmd bhyve
>

--
Mario.

From nobody Mon Jun 17 15:34:50 2024
From: Odhiambo Washington
To: Mario Marietto
Cc: FreeBSD virtualization
Date: Mon, 17 Jun 2024 18:34:50 +0300
Subject: Re: How to launch a bhyve vm as normal user,without being root

On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto wrote:

> Nice idea,but it does not work :
>

It worked for me!
I created a bash script file named debian.sh which contained all the bhyve args to create the VM, then I just did:

doas debian.sh

And I actually successfully installed the VM and it's running

--
Best regards,
Odhiambo WASHINGTON

From nobody Mon Jun 17 15:45:38 2024
From: Mario Marietto
Date: Mon, 17 Jun 2024 17:45:38 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Odhiambo Washington
Cc: FreeBSD virtualization

Can you paste here the contents of doas.conf and debian.sh ? thanks.

On Mon, Jun 17, 2024 at 5:35 PM Odhiambo Washington wrote:

>
>
> On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto wrote:
>
>> Nice idea,but it does not work :
>>
>
> It worked for me!
>
> I created a bash script file named debian.sh which contained all the bhyve
> args to create the VM, then I just did:
>
> doas debian.sh
>
> And I actually successfully installed the VM and it's running
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

-- 
Mario.

From nobody Mon Jun 17 16:54:03 2024
Message-Id: <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com>
From: "Dave Cottlehuber"
Date: Mon, 17 Jun 2024 16:54:03 +0000
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: "Mario Marietto", "Odhiambo Washington"
Cc: freebsd-virtualization

On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
> Nice idea,but it does not work :
>
> nano /home/marietto/.zshrc
>
> # ~/.zshrc

Hi Mario, I think your zsh stuff is getting in the way
here. Your zshrc function is not visible to the root user,
as doas cleans up all the env and so your function is unknown.

So start off with something without bhyve, make sure you are in
wheel group, and add a shell script called
/usr/local/bin/hallo:

```
#!/bin/sh
echo hallo $USER
```

chmod 0755 /usr/local/bin/hallo

```
# /usr/local/etc/doas.conf (per doas.conf manpage)
permit nopass :wheel as root cmd /usr/local/bin/hallo
```

$ doas /usr/local/bin/hallo
hallo root

then replace your bhyve commands in the hallo script.

Off the top of my head there's no reason for bhyve to need
anything different to hallo script.
A+
Dave

From nobody Mon Jun 17 17:39:26 2024
In-Reply-To: <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com>
From: Mario Marietto
Date: Mon, 17 Jun 2024 19:39:26 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Dave Cottlehuber
Cc: Odhiambo Washington, freebsd-virtualization

[marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin

[marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12

#!/bin/sh

bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
-S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
-s 0,hostbridge \
-s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
-s 2,ahci-hd,/dev/$vmdisk5 \
-s 8:0,passthru,2/0/0 \
-s 8:1,passthru,2/0/1 \
-s 8:2,passthru,2/0/2 \
-s 8:3,passthru,2/0/3 \
-s 13,virtio-net,tap12 \
-s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
-s 30,xhci,tablet \
-s 31,lpc \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
vm0:12 < /dev/null & sleep 2 && vncviewer 0:12

[marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12

[marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf

permit nopass :wheel as root cmd /usr/sbin/bhyve-win
permit nopass :wheel as root cmd /usr/sbin/bhyve-lin

[marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
doas: Operation not permitted

BUT :

[marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo

#!/bin/sh
echo hallo $USER

[marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo

[marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf

permit nopass :wheel as root cmd hallo

[marietto@marietto /bhyve]==> doas hallo

BOOM ! it works :

hallo root

On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber wrote:

> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
> > Nice idea,but it does not work :
> >
> > nano /home/marietto/.zshrc
> >
> > # ~/.zshrc
>
> Hi Mario, I think your zsh stuff is getting in the way
> here. Your zshrc function is not visible to the root user,
> as doas cleans up all the env and so your function is unknown.
>
> So start off with something without bhyve, make sure you are in
> wheel group, and add a shell script called
> /usr/local/bin/hallo:
>
> ```
> #!/bin/sh
> echo hallo $USER
> ```
>
> chmod 0755 /usr/local/bin/hallo
>
> ```
> # /usr/local/etc/doas.conf (per doas.conf manpage)
> permit nopass :wheel as root cmd /usr/local/bin/hallo
> ```
>
> $ doas /usr/local/bin/hallo
> hallo root
>
> then replace your bhyve commands in the hallo script.
>
> Off the top of my head there's no reason for bhyve to need
> anything different to hallo script.
> A+
> Dave
>

-- 
Mario.

From nobody Mon Jun 17 17:52:53 2024
From: Mark Peek
Date: Mon, 17 Jun 2024 10:52:53 -0700
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mario Marietto
Cc: Dave Cottlehuber, Odhiambo Washington, freebsd-virtualization

Likely need to add this as it is what you are passing to doas as the
command to execute:

permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12

Mark

On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto wrote:
>
> [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>
> [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>
> #!/bin/sh
>
> bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -s 0,hostbridge \
> -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
> -s 2,ahci-hd,/dev/$vmdisk5 \
> -s 8:0,passthru,2/0/0 \
> -s 8:1,passthru,2/0/1 \
> -s 8:2,passthru,2/0/2 \
> -s 8:3,passthru,2/0/3 \
> -s 13,virtio-net,tap12 \
> -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
> -s 30,xhci,tablet \
> -s 31,lpc \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
> vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd /usr/sbin/bhyve-win
> permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>
> [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
> doas: Operation not permitted
>
> BUT :
>
> [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>
> #!/bin/sh
> echo hallo $USER
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd hallo
>
> [marietto@marietto /bhyve]==> doas hallo
>
> BOOM ! it works :
>
> hallo root
>
> On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber wrote:
>>
>> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>> > Nice idea,but it does not work :
>> >
>> > nano /home/marietto/.zshrc
>> >
>> > # ~/.zshrc
>>
>> Hi Mario, I think your zsh stuff is getting in the way
>> here. Your zshrc function is not visible to the root user,
>> as doas cleans up all the env and so your function is unknown.
>>
>> So start off with something without bhyve, make sure you are in
>> wheel group, and add a shell script called
>> /usr/local/bin/hallo:
>>
>> ```
>> #!/bin/sh
>> echo hallo $USER
>> ```
>>
>> chmod 0755 /usr/local/bin/hallo
>>
>> ```
>> # /usr/local/etc/doas.conf (per doas.conf manpage)
>> permit nopass :wheel as root cmd /usr/local/bin/hallo
>> ```
>>
>> $ doas /usr/local/bin/hallo
>> hallo root
>>
>> then replace your bhyve commands in the hallo script.
>>
>> Off the top of my head there's no reason for bhyve to need
>> anything different to hallo script.
>> A+
>> Dave
>
>
>
> --
> Mario.
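
The rule matching described in the reply above, as an added example that is not part of the thread and not doas source code: a simplified shell model in which the string typed after `doas` must equal the rule's `cmd` value exactly. It assumes the caller already satisfies `:wheel` and ignores `args` and other rule options; the function names (`rule_cmd`, `doas_allows`, `relative_cmd_rules`) are hypothetical.

```shell
#!/bin/sh
# Added example: simplified model of doas.conf "cmd" matching.
# Assumptions: the caller already matches the rule's identity (:wheel),
# "args" and other options are ignored, function names are hypothetical.

# Rules quoted in the thread (constructed sample file contents).
CONF_BEFORE='permit nopass :wheel as root cmd /usr/sbin/bhyve-win
permit nopass :wheel as root cmd /usr/sbin/bhyve-lin'

# Same file after adding the rule suggested in the reply above.
CONF_AFTER="$CONF_BEFORE
permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12"

# rule_cmd LINE: print the word following "cmd"; fail if the rule has none.
rule_cmd() {
    set -f            # no globbing while the line is split into words
    set -- $1
    set +f
    while [ $# -gt 1 ]; do
        if [ "$1" = cmd ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# doas_allows CONF COMMAND: succeed if the last matching rule is a permit.
# COMMAND is compared byte for byte with the rule's cmd value, so
# "./name" or a bare "name" does not match a rule written with a full path.
doas_allows() {
    verdict=1         # no matching rule means deny
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if c=$(rule_cmd "$line"); then
            [ "$c" = "$2" ] || continue
        fi
        # a rule without cmd matches every command
        case $line in
            permit*) verdict=0 ;;
            *)       verdict=1 ;;
        esac
    done <<EOF
$1
EOF
    return "$verdict"
}

# relative_cmd_rules CONF: list cmd values that are not absolute paths.
# doas.conf(5) advises absolute paths; for a relative value only a
# restricted PATH is searched.
relative_cmd_rules() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        c=$(rule_cmd "$line") || continue
        case $c in
            /*) ;;
            *)  printf '%s\n' "$c" ;;
        esac
    done <<EOF
$1
EOF
}

# Demo: three command strings checked against both rule sets.
for cmd in /usr/sbin/bhyve-win /usr/sbin/12-Win-11-vm12 ./12-Win-11-vm12; do
    for name in CONF_BEFORE CONF_AFTER; do
        eval "conf=\$$name"
        if doas_allows "$conf" "$cmd"; then r=permit; else r=deny; fi
        printf '%-11s %-26s %s\n' "$name" "$cmd" "$r"
    done
done
```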

From nobody Mon Jun 17 18:34:52 2024
From: Mario Marietto
Date: Mon, 17 Jun 2024 20:34:52 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mark Peek
Cc: Dave Cottlehuber, Odhiambo Washington, freebsd-virtualization
Content-Type: multipart/alternative; boundary="000000000000c863f1061b1a3aa0"

--000000000000c863f1061b1a3aa0
Content-Type: text/plain; charset="UTF-8"

If I keep the bhyve scripts in /usr/sbin,it works. But I want to keep the
bhyve scripts in /bhyve and I don't want to keep them in /usr/sbin. For
this reason I've added the path /bhyve to /home/marietto/.zshrc like this :

# ~/.zshrc

# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

and in /root/.zshrc :

# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

but when I try to run the vm like this :

[marietto@marietto /bhyve]==> doas 12-Win-11-vm12

it says :

doas: 12-Win-11-vm12: command not found

and when I do :

[marietto@marietto /bhyve]==> doas ./12-Win-11-vm12

it says :

doas: Operation not permitted

Why ?

On Mon, Jun 17, 2024 at 7:53 PM Mark Peek wrote:

> Likely need to add this as it is what you are passing to doas as the
> command to execute:
>
> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>
> Mark
>
> On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto wrote:
> >
> > [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
> >
> > [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
> >
> > #!/bin/sh
> >
> > bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> > -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> > -s 0,hostbridge \
> > -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
> > -s 2,ahci-hd,/dev/$vmdisk5 \
> > -s 8:0,passthru,2/0/0 \
> > -s 8:1,passthru,2/0/1 \
> > -s 8:2,passthru,2/0/2 \
> > -s 8:3,passthru,2/0/3 \
> > -s 13,virtio-net,tap12 \
> > -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
> > -s 30,xhci,tablet \
> > -s 31,lpc \
> > -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
> > vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
> >
> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
> >
> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
> >
> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
> > permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
> >
> > [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
> > doas: Operation not permitted
> >
> > BUT :
> >
> > [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
> >
> > #!/bin/sh
> > echo hallo $USER
> >
> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
> >
> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
> >
> > permit nopass :wheel as root cmd hallo
> >
> > [marietto@marietto /bhyve]==> doas hallo
> >
> > BOOM ! it works :
> >
> > hallo root
> >
> > On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber wrote:
> >>
> >> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
> >> > Nice idea,but it does not work :
> >> >
> >> > nano /home/marietto/.zshrc
> >> >
> >> > # ~/.zshrc
> >>
> >> Hi Mario, I think your zsh stuff is getting in the way
> >> here. Your zshrc function is not visible to the root user,
> >> as doas cleans up all the env and so your function is unknown.
> >>
> >> So start off with something without bhyve, make sure you are in
> >> wheel group, and add a shell script called
> >> /usr/local/bin/hallo:
> >>
> >> ```
> >> #!/bin/sh
> >> echo hallo $USER
> >> ```
> >>
> >> chmod 0755 /usr/local/bin/hallo
> >>
> >> ```
> >> # /usr/local/etc/doas.conf (per doas.conf manpage)
> >> permit nopass :wheel as root cmd /usr/local/bin/hallo
> >> ```
> >>
> >> $ doas /usr/local/bin/hallo
> >> hallo root
> >>
> >> then replace your bhyve commands in the hallo script.
> >>
> >> Off the top of my head there's no reason for bhyve to need
> >> anything different to hallo script.
> >> A+
> >> Dave
> >
> >
> >
> > --
> > Mario.
>

-- 
Mario.

--000000000000c863f1061b1a3aa0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

From nobody Mon Jun 17 19:50:06 2024
From: Mark Peek
Date: Mon, 17 Jun 2024 12:50:06 -0700
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mario Marietto
Cc: Mark Peek, Dave Cottlehuber, Odhiambo Washington, freebsd-virtualization
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

Likely because you don't have this in the doas.conf file:

permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12

On Mon, Jun 17, 2024 at 11:35 AM Mario Marietto wrote:

> If I keep the bhyve scripts in /usr/sbin,it works. But I want to keep the
> bhyve scripts in /bhyve and I don't want to keep them in /usr/sbin. For
> this reason I've added the path /bhyve to /home/marietto/.zshrc like this :
>
> # ~/.zshrc
>
> # zsh autocompletion for sudo and doas
> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>
> and in /root/.zshrc :
>
> # zsh autocompletion for sudo and doas
> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>
> but when I try to run the vm like this :
>
> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
>
> it says :
>
> doas: 12-Win-11-vm12: command not found
>
> and when I do :
>
> [marietto@marietto /bhyve]==> doas ./12-Win-11-vm12
>
> it says :
>
> doas: Operation not permitted
>
> Why ?
>
>
> On Mon, Jun 17, 2024 at 7:53 PM Mark Peek wrote:
>
>> Likely need to add this as it is what you are passing to doas as the
>> command to execute:
>>
>> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>>
>> Mark
>>
>> On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto wrote:
>> >
>> > [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>> >
>> > [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>> >
>> > #!/bin/sh
>> >
>> > bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>> > -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>> > -s 0,hostbridge \
>> > -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
>> > -s 2,ahci-hd,/dev/$vmdisk5 \
>> > -s 8:0,passthru,2/0/0 \
>> > -s 8:1,passthru,2/0/1 \
>> > -s 8:2,passthru,2/0/2 \
>> > -s 8:3,passthru,2/0/3 \
>> > -s 13,virtio-net,tap12 \
>> > -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
>> > -s 30,xhci,tablet \
>> > -s 31,lpc \
>> > -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
>> > vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>> >
>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>> >
>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>> >
>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>> >
>> > [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
>> > doas: Operation not permitted
>> >
>> > BUT :
>> >
>> > [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>> >
>> > #!/bin/sh
>> > echo hallo $USER
>> >
>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>> >
>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>> >
>> > permit nopass :wheel as root cmd hallo
>> >
>> > [marietto@marietto /bhyve]==> doas hallo
>> >
>> > BOOM ! it works :
>> >
>> > hallo root
>> >
>> > On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber wrote:
>> >>
>> >> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>> >> > Nice idea,but it does not work :
>> >> >
>> >> > nano /home/marietto/.zshrc
>> >> >
>> >> > # ~/.zshrc
>> >>
>> >> Hi Mario, I think your zsh stuff is getting in the way
>> >> here. Your zshrc function is not visible to the root user,
>> >> as doas cleans up all the env and so your function is unknown.
>> >>
>> >> So start off with something without bhyve, make sure you are in
>> >> wheel group, and add a shell script called
>> >> /usr/local/bin/hallo:
>> >>
>> >> ```
>> >> #!/bin/sh
>> >> echo hallo $USER
>> >> ```
>> >>
>> >> chmod 0755 /usr/local/bin/hallo
>> >>
>> >> ```
>> >> # /usr/local/etc/doas.conf (per doas.conf manpage)
>> >> permit nopass :wheel as root cmd /usr/local/bin/hallo
>> >> ```
>> >>
>> >> $ doas /usr/local/bin/hallo
>> >> hallo root
>> >>
>> >> then replace your bhyve commands in the hallo script.
>> >>
>> >> Off the top of my head there's no reason for bhyve to need
>> >> anything different to hallo script.
>> >> A+
>> >> Dave
>> >
>> >
>> >
>> > --
>> > Mario.
>>
>
>
> --
> Mario.
>

From nobody Mon Jun 17 20:15:20 2024
From: Mario Marietto
Date: Mon, 17 Jun 2024 22:15:20 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mark Peek
Cc: Dave Cottlehuber, Odhiambo Washington, freebsd-virtualization
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

nano /usr/local/etc/doas.conf :

permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12

[marietto@marietto /bhyve]==> doas 12-Win-11-vm12
doas: Operation not permitted

On Mon, Jun 17, 2024 at 9:50 PM Mark Peek wrote:

> Likely because you don't have this in the doas.conf file:
>
> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
>
>
> On Mon, Jun 17, 2024 at 11:35 AM Mario Marietto wrote:
>
>> If I keep the bhyve scripts in /usr/sbin,it works. But I want to keep the
>> bhyve scripts in /bhyve and I don't want to keep them in /usr/sbin. For
>> this reason I've added the path /bhyve to /home/marietto/.zshrc like this :
>>
>> # ~/.zshrc
>>
>> # zsh autocompletion for sudo and doas
>> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>>
>> and in /root/.zshrc :
>>
>> # zsh autocompletion for sudo and doas
>> zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve
>>
>> but when I try to run the vm like this :
>>
>> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
>>
>> it says :
>>
>> doas: 12-Win-11-vm12: command not found
>>
>> and when I do :
>>
>> [marietto@marietto /bhyve]==> doas ./12-Win-11-vm12
>>
>> it says :
>>
>> doas: Operation not permitted
>>
>> Why ?
>>
>>
>> On Mon, Jun 17, 2024 at 7:53 PM Mark Peek wrote:
>>
>>> Likely need to add this as it is what you are passing to doas as the
>>> command to execute:
>>>
>>> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>>>
>>> Mark
>>>
>>> On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto wrote:
>>> >
>>> > [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>>> >
>>> > [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>>> >
>>> > #!/bin/sh
>>> >
>>> > bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>>> > -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
>>> > -s 0,hostbridge \
>>> > -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
>>> > -s 2,ahci-hd,/dev/$vmdisk5 \
>>> > -s 8:0,passthru,2/0/0 \
>>> > -s 8:1,passthru,2/0/1 \
>>> > -s 8:2,passthru,2/0/2 \
>>> > -s 8:3,passthru,2/0/3 \
>>> > -s 13,virtio-net,tap12 \
>>> > -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
>>> > -s 30,xhci,tablet \
>>> > -s 31,lpc \
>>> > -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
>>> > vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>>> >
>>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>>> >
>>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>>> >
>>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>>> > permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>>> >
>>> > [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
>>> > doas: Operation not permitted
>>> >
>>> > BUT :
>>> >
>>> > [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>>> >
>>> > #!/bin/sh
>>> > echo hallo $USER
>>> >
>>> > [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>>> >
>>> > [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>>> >
>>> > permit nopass :wheel as root cmd hallo
>>> >
>>> > [marietto@marietto /bhyve]==> doas hallo
>>> >
>>> > BOOM ! it works :
>>> >
>>> > hallo root
>>> >
>>> > On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber wrote:
>>> >>
>>> >> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>>> >> > Nice idea,but it does not work :
>>> >> >
>>> >> > nano /home/marietto/.zshrc
>>> >> >
>>> >> > # ~/.zshrc
>>> >>
>>> >> Hi Mario, I think your zsh stuff is getting in the way
>>> >> here. Your zshrc function is not visible to the root user,
>>> >> as doas cleans up all the env and so your function is unknown.
>>> >>
>>> >> So start off with something without bhyve, make sure you are in
>>> >> wheel group, and add a shell script called
>>> >> /usr/local/bin/hallo:
>>> >>
>>> >> ```
>>> >> #!/bin/sh
>>> >> echo hallo $USER
>>> >> ```
>>> >>
>>> >> chmod 0755 /usr/local/bin/hallo
>>> >>
>>> >> ```
>>> >> # /usr/local/etc/doas.conf (per doas.conf manpage)
>>> >> permit nopass :wheel as root cmd /usr/local/bin/hallo
>>> >> ```
>>> >>
>>> >> $ doas /usr/local/bin/hallo
>>> >> hallo root
>>> >>
>>> >> then replace your bhyve commands in the hallo script.
>>> >>
>>> >> Off the top of my head there's no reason for bhyve to need
>>> >> anything different to hallo script.
>>> >> A+
>>> >> Dave
>>> >
>>> >
>>> >
>>> > --
>>> > Mario.
>>>
>>
>>
>> --
>> Mario.
>>
>

-- 
Mario.
nano /usr/local/etc/doas.conf :

<= div>permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as r= oot cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12=

[marietto@marietto /bhyve]=3D=3D> doas 12-Win-= 11-vm12
doas: Operation not permitted

On Mon, Jun 17, 2024 at 9:50=E2= =80=AFPM Mark Peek <mp@freebsd.org= > wrote:
Likely because you don't have this in the doas.conf file:<= div>
permit nopass :wheel as root cmd /bhyve/12-W= in-11-vm12


On Mon, Jun 17, 2024 at 11:35=E2= =80=AFAM Mario Marietto <marietto2008@gmail.com> wrote:
If I = keep the bhyve scripts in /usr/sbin,it works. But I want to keep the bhyve = scripts in /bhyve and I don't want to keep them in /usr/sbin. For this = reason I've added the path /bhyve to /home/marietto/.zshrc like this :<= br>

# ~/.zshrc

# zsh autocompletion= for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*"= ; command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin= /bhyve

and in /root/.zshrc :

# zsh autocompletion for sudo and doas
zstyle &qu= ot;:completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/lo= cal/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

but when I try to run the vm like this :

[marietto@marietto /bhyve]=3D=3D>= doas 12-Win-11-vm12

it says :

doas: 12-Win-11-vm12: command not found
and when I do :

[mariett= o@marietto /bhyve]=3D=3D> doas ./12-Win-11-vm12

it says :

doas: Operation not permitted

Why ?
=
=
=

On Mon, Jun 17, 2024 at 7:53 PM Mark Peek <mp@freebsd.org> wrote:
Likely need to add this as it is what you are passing to doas as the
command to execute:

permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12

Mark

On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto <marietto2008@gmail.com> wrote:
>
> [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>
> [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>
> #!/bin/sh
>
> bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -s 0,hostbridge \
> -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
> -s 2,ahci-hd,/dev/$vmdisk5 \
> -s 8:0,passthru,2/0/0 \
> -s 8:1,passthru,2/0/1 \
> -s 8:2,passthru,2/0/2 \
> -s 8:3,passthru,2/0/3 \
> -s 13,virtio-net,tap12 \
> -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
> -s 30,xhci,tablet \
> -s 31,lpc \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
> vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd /usr/sbin/bhyve-win
> permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>
> [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
> doas: Operation not permitted
>
> BUT :
>
> [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>
> #!/bin/sh
> echo hallo $USER
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd hallo
>
> [marietto@marietto /bhyve]==> doas hallo
>
> BOOM ! it works :
>
> hallo root
>
> On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber <dch@skunkwerks.at> wrote:
>>
>> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>> > Nice idea,but it does not work :
>> >
>> > nano /home/marietto/.zshrc
>> >
>> > # ~/.zshrc
>>
>> Hi Mario, I think your zsh stuff is getting in the way
>> here. Your zshrc function is not visible to the root user,
>> as doas cleans up all the env and so your function is unknown.
>>
>> So start off with something without bhyve, make sure you are in
>> wheel group, and add a shell script called
>> /usr/local/bin/hallo:
>>
>> ```
>> #!/bin/sh
>> echo hallo $USER
>> ```
>>
>> chmod 0755 /usr/local/bin/hallo
>>
>> ```
>> # /usr/local/etc/doas.conf (per doas.conf manpage)
>> permit nopass :wheel as root cmd /usr/local/bin/hallo
>> ```
>>
>> $ doas /usr/local/bin/hallo
>> hallo root
>>
>> then replace your bhyve commands in the hallo script.
>>
>> Off the top of my head there's no reason for bhyve to need
>> anything different to hallo script.
>> A+
>> Dave
>
>
>
> --
> Mario.


--
Mario.


--
Mario.

From nobody Mon Jun 17 20:43:33 2024
From: Mario Marietto
Date: Mon, 17 Jun 2024 22:43:33 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mark Peek
Cc: Dave Cottlehuber, Odhiambo Washington, freebsd-virtualization

I had an illumination and I found how it works :

[marietto@marietto /bhyve]==> doas /bhyve/12-Win-11-vm12

But why ?

On Mon, Jun 17, 2024 at 10:15 PM Mario Marietto <marietto2008@gmail.com> wrote:
> nano /usr/local/etc/doas.conf :
>
> permit nopass :wheel as root cmd bhyve-win
> permit nopass :wheel as root cmd bhyve-lin
> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
>
> [marietto@marietto /bhyve]==> doas 12-Win-11-vm12
> doas: Operation not permitted
>
> On Mon, Jun 17, 2024 at 9:50 PM Mark Peek <mp@freebsd.org> wrote:
>> Likely because you don't have this in the doas.conf file:
>>
>> permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12


--
Mario.

From nobody Mon Jun 17 20:45:56 2024
From: Mark Peek
Date: Mon, 17 Jun 2024 13:45:56 -0700
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mario Marietto
Cc: Mark Peek, Dave Cottlehuber, Odhiambo Washington, freebsd-virtualization

I was just responding...

Works for me using the full path to the command. You should try as well with the full path to the command.

$ ls -l /bhyve/12-Win-11-vm12
-rwxr-xr-x  1 root wheel 22 Jun 17 13:25 /bhyve/12-Win-11-vm12
$ cat !$
cat /bhyve/12-Win-11-vm12
#!/bin/sh

echo $USER
$ ls -l /bhyve/12-Win-11-vm12
-rwxr-xr-x  1 root wheel 22 Jun 17 13:25 /bhyve/12-Win-11-vm12
$ cat /bhyve/12-Win-11-vm12
#!/bin/sh
echo $USER
$ cat /usr/local/etc/doas.conf
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
$ doas /bhyve/12-Win-11-vm12
root
$ doas 12-Win-11-vm12
doas: Operation not permitted

This last failure is likely an issue with how PATH interacts with doas. You should move this to another mailing list as this is more about "doas" than "bhyve".


On Mon, Jun = 17, 2024 at 1:44=E2=80=AFPM Mario Marietto <marietto2008@gmail.com> wrote:
I had an illumina= tion and I found how it works :

[ma= rietto@marietto /bhyve]=3D=3D> doas /bhyve/12-Win-11-vm12

=
But why ?


On Mon, Jun 17, 2024 at 10:15= =E2=80=AFPM Mario Marietto <marietto2008@gmail.com> wrote:
nano /usr/local= /etc/doas.conf :

permit nopass :wheel as root cmd = bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :w= heel as root cmd /bhyve/12-Win-11-vm12

[marietto@m= arietto /bhyve]=3D=3D> doas 12-Win-11-vm12
doas: Operation not perm= itted

On Mon, Jun 17, 2024 at 9:50=E2=80=AFPM Mark Peek <mp@freebsd.org> wrote:
=
Likely b= ecause you don't have this in the doas.conf file:

permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
=


On Mon, Jun 17, 2024 at 11:35=E2=80=AFAM Mario Mariett= o <marietto2= 008@gmail.com> wrote:
If I keep the b= hyve scripts in /usr/sbin,it works. But I want to keep the bhyve scripts in= /bhyve and I don't want to keep them in /usr/sbin. For this reason I&#= 39;ve added the path /bhyve to /home/marietto/.zshrc like this :
<= span>

# ~/.zshrc

# zsh autocompletion for sudo = and doas
zstyle ":completion:*:(sudo|su|doas):*" command-= path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

and in /root/.zshrc :
# zsh autocompletion for sudo and doas
zstyle ":comple= tion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /= usr/sbin /usr/bin /bin /sbin /bhyve

b= ut when I try to run the vm like this :

[marietto@marietto /bhyve]=3D=3D> doas 12-W= in-11-vm12

it says :
doas: 12-Win-11-vm12: command not found

and when I do :

[marietto@marietto= /bhyve]=3D=3D> doas ./12-Win-11-vm12

it= says :

doas: Operation not permitted
Why ?
=
<= /table>
On Mon, Jun 17, 2024 at 7:53=E2=80=AFPM Mark Peek <mp@freebsd.org> wrote:
<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">Likely need to add this as= it is what you are passing to doas as the
command to execute:

permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12

Mark

On Mon, Jun 17, 2024 at 10:40=E2=80=AFAM Mario Marietto <marietto2008@gmail.com>= wrote:
>
> [marietto@marietto /bhyve]=3D=3D> sudo cp 12-Win-11-vm12 /usr/sbin<= br> >
> [marietto@marietto /bhyve]=3D=3D> nano /usr/sbin/12-Win-11-vm12
>
> #!/bin/sh
>
> bhyve-win -S -c sockets=3D4,cores=3D2,threads=3D1 -m 8G -w -H \
> -S -c sockets=3D4,cores=3D2,threads=3D1 -m 8G -w -H \
> -s 0,hostbridge \
> -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=3D1 = \
> -s 2,ahci-hd,/dev/$vmdisk5 \
> -s 8:0,passthru,2/0/0 \
> -s 8:1,passthru,2/0/1 \
> -s 8:2,passthru,2/0/2 \
> -s 8:3,passthru,2/0/3 \
> -s 13,virtio-net,tap12 \
> -s 29,fbuf,tcp=3D0.0.0.0:5912,w=3D1600,h=3D950,wait \
> -s 30,xhci,tablet \
> -s 31,lpc \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
> vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>
> [marietto@marietto /bhyve]=3D=3D> sudo chmod 0755 /usr/sbin/12-Win-= 11-vm12
>
> [marietto@marietto /bhyve]=3D=3D> sudo nano /usr/local/etc/doas.con= f
>
> permit nopass :wheel as root cmd /usr/sbin/bhyve-win
> permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>
> [marietto@marietto /bhyve]=3D=3D> doas /usr/sbin/12-Win-11-vm12
> doas: Operation not permitted
>
> BUT :
>
> [marietto@marietto /bhyve]=3D=3D> sudo nano /usr/sbin/hallo
>
> #!/bin/sh
> echo hallo $USER
>
> [marietto@marietto /bhyve]=3D=3D> sudo chmod 0755 /usr/sbin/hallo >
> [marietto@marietto /bhyve]=3D=3D> sudo nano /usr/local/etc/doas.con= f
>
> permit nopass :wheel as root cmd hallo
>
> [marietto@marietto /bhyve]=3D=3D> doas hallo
>
> BOOM ! it works :
>
> hallo root
>
> On Mon, Jun 17, 2024 at 6:54=E2=80=AFPM Dave Cottlehuber <dch@skunkwerks.at> w= rote:
>>
>> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>> > Nice idea,but it does not work :
>> >
>> > nano /home/marietto/.zshrc
>> >
>> > # ~/.zshrc
>>
>> Hi Mario, I think your zsh stuff is getting in the way
>> here. Your zshrc function is not visible to the root user,
>> as doas cleans up all the env and so your function is unknown.
>>
>> So start off with something without bhyve, make sure you are in
>> wheel group, and add a shell script called
>> /usr/local/bin/hallo:
>>
>> ```
>> #!/bin/sh
>> echo hallo $USER
>> ```
>>
>> chmod 0755 /usr/local/bin/hallo
>>
>> ```
>> # /usr/local/etc/doas.conf (per doas.conf manpage)
>> permit nopass :wheel as root cmd /usr/local/bin/hallo
>> ```
>>
>> $ doas /usr/local/bin/hallo
>> hallo root
>>
>> then replace your bhyve commands in the hallo script.
>>
>> Off the top of my head there's no reason for bhyve to need
>> anything different to hallo script.
>> A+
>> Dave
>
>
>
> --
> Mario.


--
Mario.


From nobody Mon Jun 17 22:35:48 2024
Message-Id: <2245d71d-33a0-49ee-9648-e3e6b9a96ae0@app.fastmail.com>
References: <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com>
Date: Mon, 17 Jun 2024 22:35:48 +0000
From: "Dave Cottlehuber"
To: "Mario Marietto"
Cc: "Odhiambo Washington", freebsd-virtualization
Subject: Re: How to launch a bhyve vm as normal user,without being root

On Mon, 17 Jun 2024, at 17:39, Mario Marietto wrote:
> [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin

this filepath is /usr/sbin/12-Win-11-vm12

> permit nopass :wheel as root cmd /usr/sbin/bhyve-win

this file path is /usr/sbin/bhyve-win

these things need to be identical, like in the hallo example.

> permit nopass :wheel as root cmd /usr/sbin/bhyve-win

should be

permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12

A+
Dave

From nobody Mon Jun 17 23:26:32 2024
References: <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com> <2245d71d-33a0-49ee-9648-e3e6b9a96ae0@app.fastmail.com>
In-Reply-To: <2245d71d-33a0-49ee-9648-e3e6b9a96ae0@app.fastmail.com>
From: Mario Marietto
Date: Tue, 18 Jun 2024 01:26:32 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Dave Cottlehuber
Cc: Odhiambo Washington, freebsd-virtualization

I want to keep the bhyve scripts in /bhyve and I've added the path /bhyve
to /home/marietto/.zshrc and on /root/.zshrc like this :

# sudo nano /home/marietto/.zshrc

export PATH=/bhyve:$PATH
# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

and in /root/.zshrc :

# sudo nano /root/.zshrc

export PATH=/bhyve:$PATH
# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve

with :

nano /usr/local/etc/doas.conf :

permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12

but when I try to run the vm like this :

[marietto@marietto /bhyve]==> doas 10-Debian-Now_wine-tkg-vm10

it says :

doas: Operation not permitted

even if /bhyve is in $PATH :

[marietto@marietto /bhyve]==> echo $PATH
/bhyve:/home/marietto/bin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin

and it is also on :

zstyle ":completion:*:(sudo|su|doas):*" command-path

If I keep the bhyve scripts in /usr/sbin, it works. But I want to keep the
bhyve scripts in /bhyve.

I found how it works :

[marietto@marietto /bhyve]==> doas /bhyve/12-Win-11-vm12

I expect that this :

[marietto@marietto /bhyve]==> doas 12-Win-11-vm12

works. And I would like to use it instead of doing : doas /bhyve/12-Win-11-vm12.

On Tue, Jun 18, 2024 at 12:36 AM Dave Cottlehuber wrote:

> On Mon, 17 Jun 2024, at 17:39, Mario Marietto wrote:
> > [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>
> this filepath is /usr/sbin/12-Win-11-vm12
>
> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>
> this file path is /usr/sbin/bhyve-win
>
> these things need to be identical, like in the hallo example.
>
> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>
> should be
>
> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>
> A+
> Dave
>

--
Mario.
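The behaviour seen in the messages above (a rule only applies when its `cmd` string is identical to what is typed after `doas`) can be reproduced with a small model. This is an added example, not code from the thread or from doas itself; it is a simplified reading of doas.conf(5) that ignores `args` and `setenv`, and the function names `doas_match`, `doas_relative_cmds` and `sample_conf` are made up for the illustration.

```shell
#!/bin/sh
# Simplified model of doas rule selection (assumption: the last matching
# rule wins and "cmd" is compared as a plain string, as the thread shows).

# Print "permit" or "deny" for USER (in GROUPS) typing `doas TYPED`.
doas_match() {
    _conf=$1 _user=$2 _groups=$3 _typed=$4
    _verdict=deny                        # no matching rule means denial
    set -f                               # split rule words without globbing
    while read -r _action _rest; do
        case $_action in permit|deny) ;; *) continue ;; esac
        _ident='' _rulecmd=''
        set -- $_rest
        while [ $# -gt 0 ]; do
            case $1 in
                nopass|nolog|persist|keepenv) ;;
                as)   if [ $# -ge 2 ]; then shift; fi ;;      # skip target
                cmd)  if [ $# -ge 2 ]; then _rulecmd=$2; shift; fi ;;
                args) break ;;                                # not modelled
                *)    if [ -z "$_ident" ]; then _ident=$1; fi ;;
            esac
            shift
        done
        # Identity: ":group" matches group membership, otherwise the user.
        case $_ident in
            :*) case " $_groups " in *" ${_ident#:} "*) ;; *) continue ;; esac ;;
            *)  [ "$_ident" = "$_user" ] || continue ;;
        esac
        # No PATH lookup and no basename match: the strings must be equal.
        if [ -n "$_rulecmd" ] && [ "$_rulecmd" != "$_typed" ]; then
            continue
        fi
        _verdict=$_action
    done < "$_conf"
    set +f
    printf '%s\n' "$_verdict"
}

# List cmd values that are not absolute paths. doas.conf(5) advises absolute
# paths; a relative cmd is searched in a restricted PATH, not the caller's,
# which is why adding /bhyve to $PATH in .zshrc changes nothing.
doas_relative_cmds() {
    awk '($1 == "permit" || $1 == "deny") {
             for (i = 2; i < NF; i++)
                 if ($i == "cmd" && $(i + 1) !~ /^\//) print $(i + 1)
         }' "$1"
}

# Constructed sample: the three rules quoted in the message above.
sample_conf() {
    _f=$(mktemp) || return 1
    cat > "$_f" <<'EOF'
# constructed sample, rules copied from the message above
permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12
EOF
    printf '%s\n' "$_f"
}

conf=$(sample_conf)
for typed in /bhyve/12-Win-11-vm12 12-Win-11-vm12 \
             10-Debian-Now_wine-tkg-vm10 bhyve-win; do
    printf '%-30s %s\n' "$typed" \
        "$(doas_match "$conf" marietto "marietto wheel" "$typed")"
done
echo "relative cmd entries:"; doas_relative_cmds "$conf"
rm -f "$conf"
```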
From nobody Tue Jun 18 06:53:11 2024
From: Odhiambo Washington
Date: Tue, 18 Jun 2024 09:53:11 +0300
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Mario Marietto
Cc: FreeBSD virtualization

######/usr/local/etc/doas.conf#########################
permit :wheel
permit nopass keepenv :wheel
permit alice as root
permit keepenv bob as root
permit cindy as root cmd pkg args update
permit cindy as root cmd pkg args upgrade
permit nolog david as root cmd id
permit www as root cmd pfctl
permit nopass wash as root cmd bhyve

####### /usr/local/bhyve-vms/scripts/debian.sh##############
#!/usr/bin/env bash
if ! kldstat | grep -w vmm.ko
then
        kldload -v vmm
fi
if ! kldstat | grep -w nmdm.ko
then
        kldload -v nmdm
fi
/usr/sbin/bhyve -S -c sockets=2,cores=2,threads=2 -m 4G -w -H -A \
-s 0,hostbridge \
-s 4,ahci-hd,/usr/local/bhyve-vms/Debian/debian.img,bootindex=1 \
-s 5,virtio-net,tap3 \
-s 7,virtio-9p,sharename=/ \
-s 8,hda,play=/dev/dsp,rec=/dev/dsp \
-s 29,fbuf,tcp=0.0.0.0:5904,w=1600,h=950 \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
debian

And all I do is `doas /usr/local/bhyve-vms/scripts/debian.sh`.

On Mon, Jun 17, 2024 at 6:46 PM Mario Marietto wrote:

> Can you paste here the contents of doas.conf and debian.sh ? thanks.
>
> On Mon, Jun 17, 2024 at 5:35 PM Odhiambo Washington wrote:
>
>> On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto wrote:
>>
>>> Nice idea,but it does not work :
>>
>> It worked for me!
>>
>> I created a bash script file named debian.sh which contained all the
>> bhyve args to create the VM, then I just did:
>>
>> doas debian.sh
>>
>> And I actually successfully installed the VM and it's running
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> In an Internet failure case, the #1 suspect is a constant: DNS.
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions:
>> http://www.catb.org/~esr/faqs/smart-questions.html]
>
> --
> Mario.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
From nobody Tue Jun 18 08:09:45 2024
From: Mario Marietto
Date: Tue, 18 Jun 2024 10:09:45 +0200
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Odhiambo Washington
Cc: FreeBSD virtualization

This is mine :

# permit :wheel
# permit nopass keepenv marietto
# permit nopass keepenv root as root

permit nopass marietto cmd qemu-system-x86_64-debian_fs
permit nopass marietto cmd qemu-system-x86_64_debian_now
permit nopass marietto cmd qemu-system-x86_64_debian_proxy
permit nopass marietto cmd qemu-system-x86_64_debian_warp
permit nopass marietto cmd qemu-system-x86_64-debian_tuxler
permit nopass marietto cmd zpool
permit nopass marietto cmd mount
permit nopass marietto cmd fsck

permit nopass marietto as root cmd /usr/sbin/bhyve-win
permit nopass marietto as root cmd /usr/sbin/bhyve-lin
permit nopass marietto as root cmd /bhyve/12-Win-11-vm12
permit nopass marietto as root cmd /bhyve/01-Ubuntu-2310-vm1
permit nopass marietto as root cmd /bhyve/10-Debian-Now_wine-tkg-vm10
permit nopass marietto as root cmd /bhyve/02-Ubuntu-2310-vm2-hidden

I prefer to run as root only some specific applications.

On Tue, Jun 18, 2024 at 8:53 AM Odhiambo Washington wrote:

> ######/usr/local/etc/doas.conf#########################
> permit :wheel
> permit nopass keepenv :wheel
> permit alice as root
> permit keepenv bob as root
> permit cindy as root cmd pkg args update
> permit cindy as root cmd pkg args upgrade
> permit nolog david as root cmd id
> permit www as root cmd pfctl
> permit nopass wash as root cmd bhyve
>
> ####### /usr/local/bhyve-vms/scripts/debian.sh##############
> #!/usr/bin/env bash
> if ! kldstat | grep -w vmm.ko
> then
>         kldload -v vmm
> fi
> if ! kldstat | grep -w nmdm.ko
> then
>         kldload -v nmdm
> fi
> /usr/sbin/bhyve -S -c sockets=2,cores=2,threads=2 -m 4G -w -H -A \
> -s 0,hostbridge \
> -s 4,ahci-hd,/usr/local/bhyve-vms/Debian/debian.img,bootindex=1 \
> -s 5,virtio-net,tap3 \
> -s 7,virtio-9p,sharename=/ \
> -s 8,hda,play=/dev/dsp,rec=/dev/dsp \
> -s 29,fbuf,tcp=0.0.0.0:5904,w=1600,h=950 \
> -s 30,xhci,tablet \
> -s 31,lpc -l com1,stdio \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
> debian
>
> And all I do is `doas /usr/local/bhyve-vms/scripts/debian.sh`.
>
> On Mon, Jun 17, 2024 at 6:46 PM Mario Marietto wrote:
>
>> Can you paste here the contents of doas.conf and debian.sh ? thanks.
>>
>> On Mon, Jun 17, 2024 at 5:35 PM Odhiambo Washington wrote:
>>
>>> On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto wrote:
>>>
>>>> Nice idea,but it does not work :
>>>
>>> It worked for me!
>>>
>>> I created a bash script file named debian.sh which contained all the
>>> bhyve args to create the VM, then I just did:
>>>
>>> doas debian.sh
>>>
>>> And I actually successfully installed the VM and it's running
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>> In an Internet failure case, the #1 suspect is a constant: DNS.
>>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>>> [How to ask smart questions:
>>> http://www.catb.org/~esr/faqs/smart-questions.html]
>>
>> --
>> Mario.
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]

--
Mario.
This is mine :

# permit :whe= el
# permit nopass keepenv marietto
# permit nopass keepenv root as= root

permit nopass marietto cmd qemu-system-x86_64-debian_fs
per= mit nopass marietto cmd qemu-system-x86_64_debian_now
permit nopass mari= etto cmd qemu-system-x86_64_debian_proxy
permit nopass marietto cmd qemu= -system-x86_64_debian_warp
permit nopass marietto cmd qemu-system-x86_64= -debian_tuxler
permit nopass marietto cmd zpool
permit nopass mariett= o cmd mount
permit nopass marietto cmd fsck

permit nopass mariett= o as root cmd /usr/sbin/bhyve-win
permit nopass marietto as root cmd /us= r/sbin/bhyve-lin
permit nopass marietto as root cmd /bhyve/12-Win-11-vm1= 2
permit nopass marietto as root cmd /bhyve/01-Ubuntu-2310-vm1
permit= nopass marietto as root cmd /bhyve/10-Debian-Now_wine-tkg-vm10
per= mit nopass marietto as root cmd /bhyve/02-Ubuntu-2310-vm2-hidden
=
I prefer to run as root only some specific applications.


On Tue, Jun 18, 2024 at 8:53=E2=80=AFAM Odhiambo Washington <= odhiambo@gmail.com> wrote:
=
######/usr/local/etc/doas.conf#########################
permit :wheel=
permit nopass keepenv :wheel
permit alice as root
permit keepenv = bob as root
permit cindy as root cmd pkg args update
permit cindy as = root cmd pkg args upgrade
permit nolog david as root cmd id
permit ww= w as root cmd pfctl
permit nopass wash as root cmd bhyve

####### /usr/local/bhyve-vms/scripts/debian.sh########= ######
#!/usr/bin/env bash
if ! kldstat | grep -w vmm.ko
th= en
=C2=A0 =C2=A0 =C2=A0 =C2=A0 kldload -v vmm
fi
if ! kldstat | gr= ep -w nmdm.ko
then
=C2=A0 =C2=A0 =C2=A0 =C2=A0 kldload -v nmdm
fi<= br>/usr/sbin/bhyve -S -c sockets=3D2,cores=3D2,threads=3D2 -m 4G -w -H -A \=
-s 0,hostbridge \
-s 4,ahci-hd,/usr/local/bhyve-vms/Debian/debian.im= g,bootindex=3D1 \
-s 5,virtio-net,tap3 \
-s 7,virtio-9p,sharename=3D/= \
-s 8,hda,play=3D/dev/dsp,rec=3D/dev/dsp \
-s 29,fbuf,tcp=3D0.0.0.0:5904,w=3D1600,h=3D95= 0 \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l bootrom,/usr/= local/share/uefi-firmware/BHYVE_UEFI.fd \
debian

And all I do is `doas /usr/local/bhyve-vms/scripts/debian.sh`.
<= div>

On Mon, Jun 17, 2024 at 6:46=E2=80=AFPM Mario Marietto <= marietto2008@gm= ail.com> wrote:
Can you paste here the contents of doas.conf and de= bian.sh ? thanks.

On Mon, Jun 17, 2024 at 5:35=E2=80=AFPM Odhiambo Washi= ngton <odhiambo@= gmail.com> wrote:


On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto <marietto2008@gmail.com> wrote:
Nice idea, but it does not work:

It worked for me!

I created a bash script file named debian.sh which contained all the bhyve args to create the VM, then I just did:

doas debian.sh

And I actually successfully installed the VM and it's running


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]


--
Mario.




--
Mario.
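
The doas.conf rules quoted in this thread can be checked mechanically, because a `nopass ... cmd` rule is only as tight as the ownership of the file it names. The following is an added example, not code from anyone in the thread or from the doas project: it parses rules in the format shown above and reports those that grant root through a relative `cmd`, an unrestricted `nopass`, or a target that a non-root account could modify. The finding names, the uid/mode table and `fake_stat` are constructed for the example.

```python
import os
import shlex
import stat
from types import SimpleNamespace

FLAGS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rule(line):
    """Split one doas.conf rule into its parts; None for blank/comment lines."""
    tok = shlex.split(line, comments=True)
    if not tok:
        return None
    if tok[0] not in ("permit", "deny"):
        raise ValueError(f"not a doas rule: {line!r}")
    rule = {"action": tok[0], "options": [], "target": None, "cmd": None, "args": None}
    i = 1
    while i < len(tok) and (tok[i] in FLAGS or tok[i] == "setenv"):
        rule["options"].append(tok[i])
        if tok[i] == "setenv":  # skip the { VAR=value ... } list
            while i < len(tok) and not tok[i].endswith("}"):
                i += 1
        i += 1
    rest = tok[i:]
    if not rest:
        raise ValueError(f"rule has no identity: {line!r}")
    rule["identity"], rest = rest[0], rest[1:]
    if rest[:1] == ["as"] and len(rest) >= 2:
        rule["target"], rest = rest[1], rest[2:]
    if rest[:1] == ["cmd"] and len(rest) >= 2:
        rule["cmd"], rest = rest[1], rest[2:]
        if rest[:1] == ["args"]:
            rule["args"] = rest[1:]
    return rule

def modifiable_by_non_root(path, stat_fn=os.stat):
    """True if the file or any directory above it is non-root-owned or group/other-writable."""
    path = os.path.realpath(path)
    while True:
        st = stat_fn(path)
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return True
        parent = os.path.dirname(path)
        if parent == path:
            return False
        path = parent

def audit(conf_text, stat_fn=os.stat):
    """Return (line_number, finding) for permit rules that can reach root (no "as" = any user)."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule["action"] != "permit" or rule["target"] not in (None, "root"):
            continue
        cmd = rule["cmd"]
        if cmd is None:
            if "nopass" in rule["options"]:
                findings.append((n, "nopass-any-command"))
        elif not os.path.isabs(cmd):
            findings.append((n, "relative-cmd"))  # doas.conf(5) advises absolute paths
        else:
            try:
                if modifiable_by_non_root(cmd, stat_fn):
                    findings.append((n, "writable-target"))
            except OSError:
                findings.append((n, "missing-target"))
    return findings

# Constructed (uid, mode) table standing in for the real filesystem.
CONSTRUCTED_FS = {
    "/": (0, 0o040755),
    "/bhyve": (0, 0o040755),
    "/bhyve/01-Ubuntu-2310-vm1": (1001, 0o100755),  # owned by the calling user
    "/bhyve/12-Win-11-vm12": (0, 0o100755),         # root-owned, not writable
}

def fake_stat(path):
    if path not in CONSTRUCTED_FS:
        raise FileNotFoundError(path)
    uid, mode = CONSTRUCTED_FS[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)

SAMPLE_CONF = """\
permit nopass marietto as root cmd /bhyve/01-Ubuntu-2310-vm1
permit nopass marietto as root cmd /bhyve/12-Win-11-vm12
permit nopass marietto as root cmd /bhyve/02-Ubuntu-2310-vm2-hidden
permit nopass keepenv :wheel
permit cindy as root cmd pkg args update
permit nopass wash as root cmd bhyve
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, fake_stat))
```

On a real host, pass the contents of /usr/local/etc/doas.conf to `audit()` and leave `stat_fn` at its default so the actual files and their parent directories are inspected.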
From nobody Sat Jun 22 01:17:54 2024
From: bugzilla-noreply@freebsd.org
To: virtualization@FreeBSD.org
Subject: [Bug 279901] glibc-2.39-2 and above on the host segfault
Date: Sat, 22 Jun 2024 01:17:54 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279901

            Bug ID: 279901
           Summary: glibc-2.39-2 and above on the host segfault
           Product: Base System
           Version: 14.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bhyve
          Assignee: virtualization@FreeBSD.org
          Reporter: holo@libsharedobject.so

Reproduction steps:
1. get current arch iso (or other rolling release linux). The following will deal with archlinux
2. boot install medium inside the bhyve vm, and attempt to run any of: [vim, python3, archinstall, gdb (if installed), localedef]
3. all of the above will crash with a segfault (SIGSEGV) and error 4 (cause was a user-mode read resulting in no page being found.)
4. downgrading to glibc-2.39-1 fixes all of the above applications, though in the case of bootstrapping scripts like archinstall, this can fail to work if, for instance, the script re-downloads glibc.

Existing board post discussing this:
https://bbs.archlinux.org/viewtopic.php?id=295802

offending commit:
https://sourceware.org/git/?p=glibc.git;a=commit;h=aa4249266e9906c4bc833e4847f4d8feef59504f

Affects:
- Ryzen 5 7600, possibly more AMD Zen3 & Zen4 CPUs

Last working version:
- linux glibc-2.39-1

Relevant /boot/loader.conf:
vmm_load="YES"
hw.vmm.amdvi.enable="1"

Relevant /etc/rc.conf:
vm_enable="YES"
vm_dir="zfs:zroot/vm"

vm-bhyve configuration file:
loader="uefi"
graphics="yes"
xhci_mouse="yes"
cpu="8"
cpu_sockets="1"
cpu_cores="4"
cpu_threads="2"
memory="8G"
ahci_device_limit="8"
network0_type="virtio-net"
network0_switch="public"
disk0_type="nvme"
disk0_name="disk0.img"

--
You are receiving this mail because:
You are the assignee for the bug.

From nobody Sat Jun 22 09:05:46 2024
From: bugzilla-noreply@freebsd.org
To: virtualization@FreeBSD.org
Subject: [Bug 279887] 9pfs kernel page fault on shutdown on a bhyveload(8) or UEFI-booted FreeBSD VM
Date: Sat, 22 Jun 2024 09:05:46 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279887

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |virtualization@FreeBSD.org

From nobody Sat Jun 22 20:55:42 2024
From: bugzilla-noreply@freebsd.org
To: virtualization@FreeBSD.org
Subject: [Bug 279729] virtualization/bhyve: we are forced to passthru the whole IOMMU group of a GPU and not the single slots.
Date: Sat, 22 Jun 2024 20:55:42 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279729

--- Comment #1 from mario felicioni ---
Has this bug been forgotten?

From nobody Sun Jun 23 04:35:32 2024
From: bugzilla-noreply@freebsd.org
To: virtualization@FreeBSD.org
Subject: [Bug 279901] glibc-2.39-2 and above on the host segfault
Date: Sun, 23 Jun 2024 04:35:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279901

tennix changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ztennix@gmail.com

--- Comment #1 from tennix ---
Recently I was trying to install nixos-24.05 bhyve vm, the official iso crashed during boot. But 23.11 can be installed without any issues. By searching for the glibc package in different nixos, the nixos-24.05 uses glibc 2.39-52 while nixos-23.11 uses glibc 2.38-77. I think this might be the same issue.

From nobody Sun Jun 23 21:01:12 2024
Message-Id: <202406232101.45NL1CiT028424@kenobi.freebsd.org>
From: bugzilla-noreply@FreeBSD.org
To: virtualization@FreeBSD.org
Subject: Problem reports for virtualization@FreeBSD.org that need special attention
Date: Sun, 23 Jun 2024 21:01:12 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |    264267 | UEFI Booting on Azure Generation 2 VMs crashes

1 problems total for which you should take action.

From nobody Sun Jun 23 23:20:00 2024
From: George Hartzell
Message-ID: <26232.44448.864451.216491@gargle.gargle.HOWL>
Date: Sun, 23 Jun 2024 17:20:00 -0600
To: freebsd-virtualization@freebsd.org
Subject: Problem with TinyCore Linux in Bhyve in TrueNas
Reply-To: hartzell@alerce.com

I have a TrueNAS Core system running TrueNAS-13.0-U6.1.

I'm trying to install TinyCore Linux in a VM. I've tried various images, just repeated the experiment with the 17MB Core image from http://tinycorelinux.net/downloads.html (sha256: e2d98595cf62133df71516602c12aa685c6b4da19db3068d150e4946415d0d86 Core-current.iso).

When I run through the configuration menu, generally taking the defaults, in particular choosing UEFI boot, I end up at the UEFI shell menu (in both VNC and the serial shell window).

Trying the UEFI-CSM boot setting I end up with "connected" in the serial console window but nothing and no response to the keyboard.

Trying grub boot setting gets me a message from the UI that says:

> [EFAULT] Unable to find boot devices for '1_tc' domain

I've booted Alpine Linux in UEFI mode w/out any issues.

Any suggestions for next steps?

Thanks,

g.