Date: Tue, 18 Jun 2024 10:09:45 +0200
From: Mario Marietto <marietto2008@gmail.com>
To: Odhiambo Washington <odhiambo@gmail.com>
Cc: FreeBSD virtualization <freebsd-virtualization@freebsd.org>
Subject: Re: How to launch a bhyve vm as normal user,without being root
Message-ID: <CA%2B1FSihqrtz%2BW_X%2BSc4dKPjQimMGtkmyQYDvdUWE0%2B4L=MdL8g@mail.gmail.com>
In-Reply-To: <CAAdA2WMUX6E6VPhbtR9=Z9fp4_1e47A=izpiCBNDLsCU7zdtUA@mail.gmail.com>
References: <CA%2B1FSiimo=-0s80QeGMuLnJAzxi53-V6s303YuW36UkYnqfB-g@mail.gmail.com>
 <CAAdA2WPrtG_VaLuE8UfBwxanyfNzgLqeBCvpJMvRETdcUSmMEg@mail.gmail.com>
 <CA%2B1FSijLiq0WMdCvJfQC%2BvtBxXc6iSMD6WQAMavGpg%2BsmCuTFg@mail.gmail.com>
 <CAAdA2WMw49ySJWY4OMOh%2BtuEK7gUwjq2a92dsrpaAfYbkx_Upg@mail.gmail.com>
 <CA%2B1FSig=GAH0OSSVwbYSgG_XYjGcqV2g4X4cMCm777et=Vgg5w@mail.gmail.com>
 <CAAdA2WMUX6E6VPhbtR9=Z9fp4_1e47A=izpiCBNDLsCU7zdtUA@mail.gmail.com>

This is mine :

# permit :wheel
# permit nopass keepenv marietto
# permit nopass keepenv root as root

permit nopass marietto cmd qemu-system-x86_64-debian_fs
permit nopass marietto cmd qemu-system-x86_64_debian_now
permit nopass marietto cmd qemu-system-x86_64_debian_proxy
permit nopass marietto cmd qemu-system-x86_64_debian_warp
permit nopass marietto cmd qemu-system-x86_64-debian_tuxler
permit nopass marietto cmd zpool
permit nopass marietto cmd mount
permit nopass marietto cmd fsck

permit nopass marietto as root cmd /usr/sbin/bhyve-win
permit nopass marietto as root cmd /usr/sbin/bhyve-lin
permit nopass marietto as root cmd /bhyve/12-Win-11-vm12
permit nopass marietto as root cmd /bhyve/01-Ubuntu-2310-vm1
permit nopass marietto as root cmd /bhyve/10-Debian-Now_wine-tkg-vm10
permit nopass marietto as root cmd /bhyve/02-Ubuntu-2310-vm2-hidden

I prefer to run as root only some specific applications.

On Tue, Jun 18, 2024 at 8:53 AM Odhiambo Washington <odhiambo@gmail.com> wrote:

> ######/usr/local/etc/doas.conf#########################
> permit :wheel
> permit nopass keepenv :wheel
> permit alice as root
> permit keepenv bob as root
> permit cindy as root cmd pkg args update
> permit cindy as root cmd pkg args upgrade
> permit nolog david as root cmd id
> permit www as root cmd pfctl
> permit nopass *wash* as root cmd bhyve
>
> ####### /usr/local/bhyve-vms/scripts/debian.sh##############
> #!/usr/bin/env bash
> if ! kldstat | grep -w vmm.ko
> then
>     kldload -v vmm
> fi
> if ! kldstat | grep -w nmdm.ko
> then
>     kldload -v nmdm
> fi
> /usr/sbin/bhyve -S -c sockets=2,cores=2,threads=2 -m 4G -w -H -A \
> -s 0,hostbridge \
> -s 4,ahci-hd,/usr/local/bhyve-vms/Debian/debian.img,bootindex=1 \
> -s 5,virtio-net,tap3 \
> -s 7,virtio-9p,sharename=/ \
> -s 8,hda,play=/dev/dsp,rec=/dev/dsp \
> -s 29,fbuf,tcp=0.0.0.0:5904,w=1600,h=950 \
> -s 30,xhci,tablet \
> -s 31,lpc -l com1,stdio \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
> debian
>
> And all I do is `doas /usr/local/bhyve-vms/scripts/debian.sh`.
>
>
> On Mon, Jun 17, 2024 at 6:46 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
>> Can you paste here the contents of doas.conf and debian.sh ? thanks.
>>
>> On Mon, Jun 17, 2024 at 5:35 PM Odhiambo Washington <odhiambo@gmail.com>
>> wrote:
>>
>>>
>>> On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto <marietto2008@gmail.com>
>>> wrote:
>>>
>>>> Nice idea,but it does not work :
>>>>
>>>
>>> It worked for me!
>>>
>>> I created a bash script file named debian.sh which contained all the
>>> bhyve args to create the VM, then I just did:
>>>
>>> doas debian.sh
>>>
>>> And I actually successfully installed the VM and it's running
>>>
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>> In an Internet failure case, the #1 suspect is a constant: DNS.
>>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>>> [How to ask smart questions:
>>> http://www.catb.org/~esr/faqs/smart-questions.html]
>>>
>>
>>
>> --
>> Mario.
>>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

--
Mario.
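
Added example, not part of either poster's message: the rules in this thread give passwordless root to named commands and scripts, and doas.conf(5) advises absolute paths for `cmd`, so an administrator may want to check every `nopass` rule for a relative `cmd` or a target file that a non-root user can modify. The helper name `audit_doas_nopass` and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit_doas_nopass is a hypothetical helper, not part of doas.
# For each "nopass" rule in a doas.conf it prints one finding per problem:
#   ANY-COMMAND     no "cmd": every command runs without a password
#   RELATIVE        cmd is not an absolute path (doas searches a restricted PATH)
#   MISSING         cmd path does not exist
#   WRITABLE        cmd file is writable by group or others
#   NOT-ROOT-OWNED  cmd file belongs to a non-root user, who can rewrite it
audit_doas_nopass() {
    # awk prints the word after "cmd" for each nopass rule, or "-" if none.
    awk '
        $1 ~ /^#/ { next }
        {
            nopass = 0; target = "-"
            for (i = 1; i <= NF; i++) {
                if ($i == "nopass") nopass = 1
                if ($i == "cmd" && i < NF) { target = $(i + 1); break }
            }
            if (nopass) print target
        }
    ' "$1" |
    while IFS= read -r target; do
        case $target in
            -)  echo "ANY-COMMAND" ;;
            /*) if [ ! -e "$target" ]; then
                    echo "MISSING $target"
                else
                    if [ -n "$(find -L "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then echo "WRITABLE $target"; fi
                    if [ -n "$(find -L "$target" -prune ! -user root -print)" ]; then echo "NOT-ROOT-OWNED $target"; fi
                fi ;;
            *)  echo "RELATIVE $target" ;;
        esac
    done
    return 0
}

# Constructed sample rules, shaped like the ones quoted in this thread.
sample_conf() {
    cat <<'EOF'
permit nopass keepenv :wheel
permit nopass wash as root cmd bhyve
permit nopass marietto as root cmd /nonexistent/vm-script
permit cindy as root cmd pkg args update
EOF
}

tmp=$(mktemp /tmp/doasaudit.XXXXXX) && sample_conf > "$tmp" && audit_doas_nopass "$tmp"
rm -f "$tmp"
```

On a real host, pass the path of the installed configuration, for example `audit_doas_nopass /usr/local/etc/doas.conf`.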
