From owner-freebsd-virtualization@FreeBSD.ORG  Thu Jan 16 21:21:15 2014
Return-Path: <owner-freebsd-virtualization@FreeBSD.ORG>
Delivered-To: freebsd-virtualization@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9C64885F
 for <freebsd-virtualization@freebsd.org>; Thu, 16 Jan 2014 21:21:15 +0000 (UTC)
Received: from alto.onthenet.com.au (alto.OntheNet.com.au [203.13.68.12])
 by mx1.freebsd.org (Postfix) with ESMTP id 5D0731A78
 for <freebsd-virtualization@freebsd.org>; Thu, 16 Jan 2014 21:21:15 +0000 (UTC)
Received: from dommail.onthenet.com.au (dommail.OntheNet.com.au [203.13.70.57])
 by alto.onthenet.com.au (Postfix) with ESMTPS id 311A0121D9;
 Fri, 17 Jan 2014 07:21:13 +1000 (EST)
Received: from Peter-Grehans-MacBook-Pro-2.local ([64.245.0.210])
 by dommail.onthenet.com.au (MOS 4.2.4-GA)
 with ESMTP id BRF29826 (AUTH peterg@ptree32.com.au);
 Fri, 17 Jan 2014 07:21:12 +1000
Message-ID: <52D84D46.9070600@freebsd.org>
Date: Thu, 16 Jan 2014 13:21:10 -0800
From: Peter Grehan <grehan@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
 rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Andrea Brancatelli <abrancatelli@schema31.it>
Subject: Re: BHyVe as non root
References: <CADfWLek9E3J3ExBjHoyeguBXqsPFft8VB=cC8PuKG5KxOsAtMg@mail.gmail.com>
In-Reply-To: <CADfWLek9E3J3ExBjHoyeguBXqsPFft8VB=cC8PuKG5KxOsAtMg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
X-BeenThere: freebsd-virtualization@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of various virtualization techniques FreeBSD supports."
 <freebsd-virtualization.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-virtualization/>
List-Post: <mailto:freebsd-virtualization@freebsd.org>
List-Help: <mailto:freebsd-virtualization-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jan 2014 21:21:15 -0000

Hi Andrea,
> do you see any particolar problem (devices who need to have the owner
> changed, limitations of any kind...?) in running BHyVe as non-root?

  There's 2 issues - firstly, bhyve is new and hasn't had a lot of 
exposure. It's probably safest to restrict it to root for a while to 
avoid exposing non-root users to unforeseen security issues.

  Secondly, the current implementation doesn't tie all resource usage to 
a process. The split of bhyveload/bhyve allows VM memory to be tied to a 
memory object associated with the VM. This complicates the tracking 
system memory usage, which is usually done on a process basis. The fix 
for this, in progress, is to use a single process for a VM, and avoid a 
separate loading process.

  The goal is to allow non-root usage, but there's still a ways to go 
for that.

later,

Peter.