From nobody Mon Jun 17 23:26:32 2024
X-Original-To: freebsd-virtualization@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W35dC6Shcz5M7tD
	for <freebsd-virtualization@mlmmj.nyi.freebsd.org>; Mon, 17 Jun 2024 23:27:11 +0000 (UTC)
	(envelope-from marietto2008@gmail.com)
Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4W35dB39Mvz4gbB
	for <freebsd-virtualization@freebsd.org>; Mon, 17 Jun 2024 23:27:10 +0000 (UTC)
	(envelope-from marietto2008@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-pj1-x1029.google.com with SMTP id 98e67ed59e1d1-2c2eb5b1917so4184431a91.2
        for <freebsd-virtualization@freebsd.org>; Mon, 17 Jun 2024 16:27:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1718666829; x=1719271629; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=WMWkcknBiUFIbYFCR2qdjgdq2sbMKbkt7d/KyDtDaMQ=;
        b=MOCJYkV75QId5EoAYOPFyhhfoEmKd+nM0tV5DA5bE/1b91M/VwViSJs11C7JxdxHwV
         zrbyGU/Wz+xSJU6ivX154GHts0JsoCit3dNZH99MEy6mFKRXF6yx96Ukkh/vjonSkdF3
         +n6+v+BQV8swq2JvwD7IP1Z0M42nTgBR8OhDFwBJr4rPZMKBkEi+DWqNKiAA23Hg+LO+
         fHMU2n5/fFBJWU+YZ7/CCFXje3zkKVU9oUb/dJW6EsV1glr8Nu3XT5PiVRtOTe+eBVEH
         eAwSkYCOY5aMNsX8vxeHzX0jEZWvGfdif3Q1nCDUBNGe9lAd1PT5Rvf9ms6JaU5mCgyp
         WJmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1718666829; x=1719271629;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=WMWkcknBiUFIbYFCR2qdjgdq2sbMKbkt7d/KyDtDaMQ=;
        b=WcQl6HqzSleYUoV4UD0uxr2AiyOLWw2Eu9eL5ZTZP0Njxtvq+loowIiDtxLVDwqeMG
         3Xd60j0/XpUwnyCsw0LsgrycqYSf3c0/pLVYzMbxSydPbjtWDGBqoICeAao5wKbYUdha
         VnI7xmwk+X2pa5Af5moUZvJCvhgOETPXdmauR4Zg+TSIGKObNyKJwSJLToRQBJ2JKlSR
         giHapWK1gRCCaRSNgB9LqI9a01v6fFC+OQ0boTq1X4SDgJng/rTdVQF9rAkyps9sCduI
         eIDKN6KOF/F7tUI+e0MKANJKsfuUBBiOtXHL6VY3lS+JRQ/sRoW3BH2qVXOdywjU+6yZ
         UJzw==
X-Forwarded-Encrypted: i=1; AJvYcCWnRRaaFecfdrSr7ymMhBiLT2J55X7aK0IoF4cs6O5WjXQCeucHFKEvxem69Am3LUDIzPNz5AmV6BXxV5wv4gMW65T8ma1chR0fsm3H85CK7sR8
X-Gm-Message-State: AOJu0YzX4RhL9A7fhW3Q8K24pNaG84rFdM2tywSUr9HmUpc72Z2YNaKX
	kfI00XODMKwM/n7PkkIdHgQT3hMJaOUxsGs8VMfBljWiNUK+s51qIVe5UOvfzk28f+AFPkN5zSt
	rQadHrne4jhq5APdrU98CKQFbtXU=
X-Google-Smtp-Source: AGHT+IHG4TLVdV0zG3R7qU7NWA2SRdoRhAp6cDxofi7qKJJ26cyd4bAEouHq5Fvvt82YqeHLzsxwZ/D7MtIqFGQhgN4=
X-Received: by 2002:a17:90a:8b08:b0:2c3:11fb:a163 with SMTP id
 98e67ed59e1d1-2c4db131a71mr11641140a91.6.1718666828902; Mon, 17 Jun 2024
 16:27:08 -0700 (PDT)
List-Id: Discussion <freebsd-virtualization.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization
List-Help: <mailto:virtualization+help@freebsd.org>
List-Post: <mailto:virtualization@freebsd.org>
List-Subscribe: <mailto:virtualization+subscribe@freebsd.org>
List-Unsubscribe: <mailto:virtualization+unsubscribe@freebsd.org>
X-BeenThere: freebsd-virtualization@freebsd.org
Sender: owner-freebsd-virtualization@FreeBSD.org
MIME-Version: 1.0
References: <CA+1FSiimo=-0s80QeGMuLnJAzxi53-V6s303YuW36UkYnqfB-g@mail.gmail.com>
 <CAAdA2WPrtG_VaLuE8UfBwxanyfNzgLqeBCvpJMvRETdcUSmMEg@mail.gmail.com>
 <CA+1FSijLiq0WMdCvJfQC+vtBxXc6iSMD6WQAMavGpg+smCuTFg@mail.gmail.com>
 <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com> <CA+1FSighjAkOAtzyX3HBy4h0ZnTVckjF9adnWMpAR3m=xW0dUA@mail.gmail.com>
 <2245d71d-33a0-49ee-9648-e3e6b9a96ae0@app.fastmail.com>
In-Reply-To: <2245d71d-33a0-49ee-9648-e3e6b9a96ae0@app.fastmail.com>
From: Mario Marietto <marietto2008@gmail.com>
Date: Tue, 18 Jun 2024 01:26:32 +0200
Message-ID: <CA+1FSiguSV08+EHEE8qOBRy2mz-eTW-cz0qj1PQvtfg9fTEthw@mail.gmail.com>
Subject: Re: How to launch a bhyve vm as normal user,without being root
To: Dave Cottlehuber <dch@skunkwerks.at>
Cc: Odhiambo Washington <odhiambo@gmail.com>, 
	freebsd-virtualization <freebsd-virtualization@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000d2fa98061b1e4d9c"
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4W35dB39Mvz4gbB

--000000000000d2fa98061b1e4d9c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I want to keep the bhyve scripts in /bhyve and I've added the path /bhyve
to /home/marietto/.zshrc and on /root/.zshrc like this :

# sudo nano /home/marietto/.zshrc

export PATH=3D/bhyve:$PATH
# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin
/usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve


and in /root/.zshrc :

# sudo nano /root/.zshrc

export PATH=3D/bhyve:$PATH
# zsh autocompletion for sudo and doas
zstyle ":completion:*:(sudo|su|doas):*" command-path /usr/local/bin
/usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve


with :

nano /usr/local/etc/doas.conf :

permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12


but when I try to run the vm like this :

[marietto@marietto /bhyve]=3D=3D> doas 10-Debian-Now_wine-tkg-vm10


it says :

doas: Operation not permitted


even if /bhyve is in $PATH :

[marietto@marietto /bhyve]=3D=3D> echo $PATH
/bhyve:/home/marietto/bin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr=
/local/sbin


and it is also on :

zstyle ":completion:*:(sudo|su|doas):*" command-path


If I keep the bhyve scripts in /usr/sbin,it works. But I want to keep the
bhyve scripts in /bhyve.

I found how it works :

[marietto@marietto /bhyve]=3D=3D> doas /bhyve/12-Win-11-vm12

I expect that this :

[marietto@marietto /bhyve]=3D=3D> doas 12-Win-11-vm12

works. And I would like to use it instead of doing : doas
/bhyve/12-Win-11-vm12.



On Tue, Jun 18, 2024 at 12:36=E2=80=AFAM Dave Cottlehuber <dch@skunkwerks.a=
t> wrote:

> On Mon, 17 Jun 2024, at 17:39, Mario Marietto wrote:
> > [marietto@marietto /bhyve]=3D=3D> sudo cp 12-Win-11-vm12 /usr/sbin
>
> this filepath is /usr/sbin/12-Win-11-vm12
>
> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>
> this file path is /usr/sbin/bhyve-win
>
> these things need to be identical, like in the hallo example.
>
> > permit nopass :wheel as root cmd /usr/sbin/bhyve-win
>
> should be
>
> permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12
>
> A+
> Dave
>


--=20
Mario.

--000000000000d2fa98061b1e4d9c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I want to keep the bhyve scripts in /bhyve and I&#39;ve ad=
ded the path /bhyve to /home/marietto/.zshrc and on /root/.zshrc like this =
:<br>
<br>

=09
=09


<div>
	<div></div>
	<div dir=3D"ltr">
		<pre dir=3D"ltr"><code># sudo nano /home/marietto/.zshrc

export PATH=3D/bhyve:$PATH
# zsh autocompletion for sudo and doas
zstyle &quot;:completion:*:(sudo|su|doas):*&quot; command-path /usr/local/b=
in /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve


and in /root/.zshrc :
<br>
# sudo nano /root/.zshrc

export PATH=3D/bhyve:$PATH
# zsh autocompletion for sudo and doas
zstyle &quot;:completion:*:(sudo|su|doas):*&quot; command-path /usr/local/b=
in /usr/local/sbin /usr/sbin /usr/bin /bin /sbin /bhyve</code></pre>
	</div>
</div><br>
with :<br>
<br>

=09
=09


<div>
	<div></div>
	<div dir=3D"ltr">
		<pre dir=3D"ltr"><code>nano /usr/local/etc/doas.conf :

permit nopass :wheel as root cmd bhyve-win
permit nopass :wheel as root cmd bhyve-lin
permit nopass :wheel as root cmd /bhyve/12-Win-11-vm12</code></pre>
	</div>
</div><br>
but when I try to run the vm like this :<br>
<br>

=09
=09


<div>
	<div></div>
	<div dir=3D"ltr">
		<pre dir=3D"ltr"><code>[marietto@marietto /bhyve]=3D=3D&gt; doas 10-Debia=
n-Now_wine-tkg-vm10</code></pre>
	</div>
</div><br>
it says :<br>
<br>

=09
=09


<div>
	<div></div>
	<div dir=3D"ltr">
		<pre dir=3D"ltr">doas: Operation not permitted</pre>
	</div>
</div><br>
even if /bhyve is in $PATH :<br>
<br>

=09
=09


<div>
	<div></div>
	<div dir=3D"ltr">
		<pre dir=3D"ltr"><code>[marietto@marietto /bhyve]=3D=3D&gt; echo $PATH   =
          =20
/bhyve:/home/marietto/bin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr=
/local/sbin</code></pre>
	</div>
</div><br>
and it is also on :<br>
<br>

=09
=09


<div>
	<div></div>
	<div dir=3D"ltr">
		<pre dir=3D"ltr"><code>zstyle &quot;:completion:*:(sudo|su|doas):*&quot; =
command-path</code></pre>
	</div>
</div><br>If I keep the bhyve scripts in /usr/sbin,it works. But I want to =
keep the bhyve scripts in /bhyve.<br>
<br> I found how it works :<br>
<br>

=09
=09


<div><div dir=3D"ltr">
		<pre dir=3D"ltr"><code>[marietto@marietto /bhyve]=3D=3D&gt; doas /bhyve/1=
2-Win-11-vm12<br><br></code></pre><div> I expect that this :<br></div><div>=
<br></div><div><span class=3D"gmail-im"><div>[marietto@marietto /bhyve]=3D=
=3D&gt; doas 12-Win-11-vm12</div><div><br></div></span><div>works. And I wo=
uld like to use it instead of doing : doas /bhyve/12-Win-11-vm12.</div><div=
></div><div><br><br></div></div>
	</div>
</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_=
attr">On Tue, Jun 18, 2024 at 12:36=E2=80=AFAM Dave Cottlehuber &lt;<a href=
=3D"mailto:dch@skunkwerks.at" target=3D"_blank">dch@skunkwerks.at</a>&gt; w=
rote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0p=
x 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, 17=
 Jun 2024, at 17:39, Mario Marietto wrote:<br>
&gt; [marietto@marietto /bhyve]=3D=3D&gt; sudo cp 12-Win-11-vm12 /usr/sbin<=
br>
<br>
this filepath is /usr/sbin/12-Win-11-vm12<br>
<br>
&gt; permit nopass :wheel as root cmd /usr/sbin/bhyve-win<br>
<br>
this file path is /usr/sbin/bhyve-win<br>
<br>
these things need to be identical, like in the hallo example.<br>
<br>
&gt; permit nopass :wheel as root cmd /usr/sbin/bhyve-win<br>
<br>
should be <br>
<br>
permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12<br>
<br>
A+<br>
Dave<br>
</blockquote></div><br clear=3D"all"><br><span class=3D"gmail_signature_pre=
fix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature">Mario.<br></d=
iv>

--000000000000d2fa98061b1e4d9c--