Date: Sat, 28 Mar 2026 10:22:00 +0100 From: Roman Bogorodskiy <novel@freebsd.org> To: Mark Johnston <markj@freebsd.org> Cc: freebsd-virtualization@freebsd.org Subject: Re: bhyve(load) does not start in jail on -CURRENT Message-ID: <aceduHsrfAM-JyrB@tulp> In-Reply-To: <aceUdJV_TtM5Q8PP@framework> References: <aca_1N4J9ErYvHCs@tulp> <aceUdJV_TtM5Q8PP@framework>
index | next in thread | previous in thread | raw e-mail
Mark Johnston wrote:
> On Fri, Mar 27, 2026 at 06:35:16PM +0100, Roman Bogorodskiy wrote:
> > Hi,
> >
> > I'm using jails to run some tests with bhyve and this setup works for me
> > with 15.0-RELEASE, but does not with 16.0-CURRENT.
> >
> > The setup is as follows:
> >
> > jail.conf:
> >
> > testrunnergit {
> > enforce_statfs = 2;
> > devfs_ruleset = 44;
> > exec.clean;
> > exec.consolelog = /var/log/bastille/testrunnergit_console.log;
> > exec.start = '/bin/sh /etc/rc';
> > exec.stop = '/bin/sh /etc/rc.shutdown';
> > host.hostname = testrunnergit;
> > mount.devfs;
> > mount.fstab = /usr/local/bastille/jails/testrunnergit/fstab;
> > path = /usr/local/bastille/jails/testrunnergit/root;
> > osrelease = 16.0-CURRENT;
> >
> > vnet;
> > vnet.interface = e0b_bastille1;
> > exec.prestart += "jib addm bastille1 vtnet0";
> > exec.prestart += "ifconfig e0a_bastille1 description \"vnet0 host interface for Bastille jail testrunnergit\"";
> > exec.poststop += "ifconfig e0a_bastille1 destroy";
> > allow.chflags = 1;
> > allow.raw_sockets = 1;
> > allow.vmm = 1;
> > allow.mount;
> > allow.mount.devfs;
> > allow.mount.fdescfs;
> > allow.mount.procfs;
> > mount.fdescfs;
> > mount.procfs;
> > }
> >
> > When I try to run bhyveload:
> >
> > root@testrunnergit:~ # bhyveload -m 1024 -d /var/cache/libvirt-tck/os-x86_64-hvm/disk-freebsd-11.1.img tck32424
> > bhyveload: vm_create: Operation not permitted (An unprivileged user must run VMs in monitor mode)
> > root@testrunnergit:~ #
> >
> > root@freebsd16-current:~ # jls -j testrunnergit allow.vmm
> > true
> > root@freebsd16-current:~ # devfs -m /usr/local/bastille/jails/testrunnergit/root/dev rule show
> > 100 include 4
> > 200 path vmmctl unhide
> > 300 path vmm unhide
> > 400 path vmm/* unhide
> > 500 path tap* unhide
> > 600 path mem unhide
> > 700 path kmem unhide
> > 800 path nmdm* unhide
> > 900 path pci unhide
> > 1000 path io unhide
> > 1100 path pf unhide
> > root@freebsd16-current:~ #
> >
> > Am I missing anything?
>
> I think this is a regression. Could you please try the patch here?
> https://reviews.freebsd.org/D56119
Yes, this patch fixes it for me.
Thanks,
Roman
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aceduHsrfAM-JyrB>