From owner-freebsd-virtualization@freebsd.org  Thu Oct 27 15:17:27 2016
Return-Path: <owner-freebsd-virtualization@freebsd.org>
Delivered-To: freebsd-virtualization@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 973A9C248C5
 for <freebsd-virtualization@mailman.ysv.freebsd.org>;
 Thu, 27 Oct 2016 15:17:27 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 80FC07CC
 for <freebsd-virtualization@FreeBSD.org>; Thu, 27 Oct 2016 15:17:27 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u9RFHReO043650
 for <freebsd-virtualization@FreeBSD.org>; Thu, 27 Oct 2016 15:17:27 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-virtualization@FreeBSD.org
Subject: [Bug 213689] Allow bhyve to run from non-root user
Date: Thu, 27 Oct 2016 15:17:27 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: grehan@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-virtualization@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-213689-27103-mdSHP4tdr1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-213689-27103@https.bugs.freebsd.org/bugzilla/>
References: <bug-213689-27103@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-virtualization@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Discussion of various virtualization techniques FreeBSD supports."
 <freebsd-virtualization.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-virtualization/>
List-Post: <mailto:freebsd-virtualization@freebsd.org>
List-Help: <mailto:freebsd-virtualization-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 15:17:27 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213689

--- Comment #3 from Peter Grehan <grehan@FreeBSD.org> ---
Thanks for this work.

Unfortunately, there are a number of other changes in bhyve that need to be
done before it can be run as non-root. Sandboxing the process with capscium=
 and
other means is probably mandatory, but there is also the issue of accounting
for the use of guest memory in process resources, and destroying this on
process exit.

However, the work you've done with creating the VM through something other =
than
sysctl is the right way to do it, and a modified version of that will show =
up
at some point.

--=20
You are receiving this mail because:
You are the assignee for the bug.=