Date: Tue, 18 Jun 2024 10:09:45 +0200
From: Mario Marietto <marietto2008@gmail.com>
To: Odhiambo Washington <odhiambo@gmail.com>
Cc: FreeBSD virtualization <freebsd-virtualization@freebsd.org>
Subject: Re: How to launch a bhyve vm as normal user,without being root
Message-ID: <CA%2B1FSihqrtz%2BW_X%2BSc4dKPjQimMGtkmyQYDvdUWE0%2B4L=MdL8g@mail.gmail.com>
In-Reply-To: <CAAdA2WMUX6E6VPhbtR9=Z9fp4_1e47A=izpiCBNDLsCU7zdtUA@mail.gmail.com>
References: <CA%2B1FSiimo=-0s80QeGMuLnJAzxi53-V6s303YuW36UkYnqfB-g@mail.gmail.com>
 <CAAdA2WPrtG_VaLuE8UfBwxanyfNzgLqeBCvpJMvRETdcUSmMEg@mail.gmail.com>
 <CA%2B1FSijLiq0WMdCvJfQC%2BvtBxXc6iSMD6WQAMavGpg%2BsmCuTFg@mail.gmail.com>
 <CAAdA2WMw49ySJWY4OMOh%2BtuEK7gUwjq2a92dsrpaAfYbkx_Upg@mail.gmail.com>
 <CA%2B1FSig=GAH0OSSVwbYSgG_XYjGcqV2g4X4cMCm777et=Vgg5w@mail.gmail.com>
 <CAAdA2WMUX6E6VPhbtR9=Z9fp4_1e47A=izpiCBNDLsCU7zdtUA@mail.gmail.com>

This is mine :

# permit :wheel
# permit nopass keepenv marietto
# permit nopass keepenv root as root

permit nopass marietto cmd qemu-system-x86_64-debian_fs
permit nopass marietto cmd qemu-system-x86_64_debian_now
permit nopass marietto cmd qemu-system-x86_64_debian_proxy
permit nopass marietto cmd qemu-system-x86_64_debian_warp
permit nopass marietto cmd qemu-system-x86_64-debian_tuxler
permit nopass marietto cmd zpool
permit nopass marietto cmd mount
permit nopass marietto cmd fsck

permit nopass marietto as root cmd /usr/sbin/bhyve-win
permit nopass marietto as root cmd /usr/sbin/bhyve-lin
permit nopass marietto as root cmd /bhyve/12-Win-11-vm12
permit nopass marietto as root cmd /bhyve/01-Ubuntu-2310-vm1
permit nopass marietto as root cmd /bhyve/10-Debian-Now_wine-tkg-vm10
permit nopass marietto as root cmd /bhyve/02-Ubuntu-2310-vm2-hidden

I prefer to run as root only some specific applications.

On Tue, Jun 18, 2024 at 8:53 AM Odhiambo Washington <odhiambo@gmail.com> wrote:

> ######/usr/local/etc/doas.conf#########################
> permit :wheel
> permit nopass keepenv :wheel
> permit alice as root
> permit keepenv bob as root
> permit cindy as root cmd pkg args update
> permit cindy as root cmd pkg args upgrade
> permit nolog david as root cmd id
> permit www as root cmd pfctl
> permit nopass *wash* as root cmd bhyve
>
> ####### /usr/local/bhyve-vms/scripts/debian.sh##############
> #!/usr/bin/env bash
> if ! kldstat | grep -w vmm.ko
> then
>         kldload -v vmm
> fi
> if ! kldstat | grep -w nmdm.ko
> then
>         kldload -v nmdm
> fi
> /usr/sbin/bhyve -S -c sockets=2,cores=2,threads=2 -m 4G -w -H -A \
> -s 0,hostbridge \
> -s 4,ahci-hd,/usr/local/bhyve-vms/Debian/debian.img,bootindex=1 \
> -s 5,virtio-net,tap3 \
> -s 7,virtio-9p,sharename=/ \
> -s 8,hda,play=/dev/dsp,rec=/dev/dsp \
> -s 29,fbuf,tcp=0.0.0.0:5904,w=1600,h=950 \
> -s 30,xhci,tablet \
> -s 31,lpc -l com1,stdio \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
> debian
>
> And all I do is `doas /usr/local/bhyve-vms/scripts/debian.sh`.
>
>
> On Mon, Jun 17, 2024 at 6:46 PM Mario Marietto <marietto2008@gmail.com> wrote:
>
>> Can you paste here the contents of doas.conf and debian.sh ? thanks.
>>
>> On Mon, Jun 17, 2024 at 5:35 PM Odhiambo Washington <odhiambo@gmail.com> wrote:
>>
>>> On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto <marietto2008@gmail.com> wrote:
>>>
>>>> Nice idea,but it does not work :
>>>
>>> It worked for me!
>>>
>>> I created a bash script file named debian.sh which contained all the
>>> bhyve args to create the VM, then I just did:
>>>
>>> doas debian.sh
>>>
>>> And I actually successfully installed the VM and it's running
>>>
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>> In an Internet failure case, the #1 suspect is a constant: DNS.
>>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>>> [How to ask smart questions:
>>> http://www.catb.org/~esr/faqs/smart-questions.html]
>>
>> --
>> Mario.
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]

-- 
Mario.
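
Added example, not part of the original message or of either poster's configuration: a small shell lint for the doas.conf patterns that appear in this thread (passwordless rules with no `cmd`, `nopass` combined with `keepenv`, and `cmd` given as a bare name instead of an absolute path). The function names, finding codes and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint doas.conf rules read from stdin.
# Prints one finding per line as "<line>:<CODE>:<rule text>".
audit_doas() {
    awk '
    /^[ \t]*(#|$)/ { next }          # comments and blank lines
    $1 != "permit" { next }          # only permit rules grant anything
    {
        nopass = 0; keepenv = 0; cmd = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "nopass")  nopass = 1
            if ($i == "keepenv") keepenv = 1
            # Stop at cmd so that words after it (args ...) are not read as options.
            if ($i == "cmd" && i < NF) { cmd = $(i + 1); break }
        }
        # Passwordless rule with no cmd restriction: any command may be run.
        if (nopass && cmd == "")        print NR ":NOPASS_ANY_CMD:" $0
        # The caller environment is passed through without authentication.
        if (nopass && keepenv)          print NR ":NOPASS_KEEPENV:" $0
        # doas.conf(5) advises absolute paths; a bare name goes through a PATH search.
        if (cmd != "" && cmd !~ /^\//)  print NR ":RELATIVE_CMD:" $0
    }'
}

# Constructed sample assembled from rules quoted in the thread.
sample_conf() {
    cat <<'EOF'
# permit :wheel
permit nopass keepenv :wheel
permit cindy as root cmd pkg args update
permit nopass marietto cmd zpool
permit nopass marietto as root cmd /usr/sbin/bhyve-lin
EOF
}

sample_conf | audit_doas
```

A `nopass` rule that runs a wrapper script as root, such as debian.sh above, is only as strong as that script's permissions: the file and its parent directories should be owned by root and not writable by the permitted user.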