Date: Thu, 16 Jan 2014 13:21:10 -0800
From: Peter Grehan <grehan@freebsd.org>
To: Andrea Brancatelli <abrancatelli@schema31.it>
Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject: Re: BHyVe as non root
Message-ID: <52D84D46.9070600@freebsd.org>
In-Reply-To: <CADfWLek9E3J3ExBjHoyeguBXqsPFft8VB=cC8PuKG5KxOsAtMg@mail.gmail.com>
References: <CADfWLek9E3J3ExBjHoyeguBXqsPFft8VB=cC8PuKG5KxOsAtMg@mail.gmail.com>

Hi Andrea,

> do you see any particular problem (devices who need to have the owner
> changed, limitations of any kind...?) in running BHyVe as non-root?

There are 2 issues - firstly, bhyve is new and hasn't had a lot of exposure. It's probably safest to restrict it to root for a while to avoid exposing non-root users to unforeseen security issues.

Secondly, the current implementation doesn't tie all resource usage to a process. The split of bhyveload/bhyve allows VM memory to be tied to a memory object associated with the VM. This complicates the tracking of system memory usage, which is usually done on a process basis. The fix for this, in progress, is to use a single process for a VM, and avoid a separate loading process.

The goal is to allow non-root usage, but there's still a ways to go for that.

later,

Peter.