Date: Fri, 17 Jan 2014 09:47:21 +0100 From: Andrea Brancatelli <abrancatelli@schema31.it> To: Peter Grehan <grehan@freebsd.org> Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org> Subject: Re: BHyVe as non root Message-ID: <CADfWLend67n2HGDgBUfZROjJRPqg7QHRX4wnaZGoXNcudiWpXw@mail.gmail.com> In-Reply-To: <52D84D46.9070600@freebsd.org> References: <CADfWLek9E3J3ExBjHoyeguBXqsPFft8VB=cC8PuKG5KxOsAtMg@mail.gmail.com> <52D84D46.9070600@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you, you've been very clear. Let me know if I can help anyhow with future testings on this item - that's the only thing I can do to help :-) On Thu, Jan 16, 2014 at 10:21 PM, Peter Grehan <grehan@freebsd.org> wrote: > Hi Andrea, > > do you see any particolar problem (devices who need to have the owner >> changed, limitations of any kind...?) in running BHyVe as non-root? >> > > There's 2 issues - firstly, bhyve is new and hasn't had a lot of > exposure. It's probably safest to restrict it to root for a while to avoi= d > exposing non-root users to unforeseen security issues. > > Secondly, the current implementation doesn't tie all resource usage to a > process. The split of bhyveload/bhyve allows VM memory to be tied to a > memory object associated with the VM. This complicates the tracking syste= m > memory usage, which is usually done on a process basis. The fix for this, > in progress, is to use a single process for a VM, and avoid a separate > loading process. > > The goal is to allow non-root usage, but there's still a ways to go for > that. > > later, > > Peter. > --=20 *Andrea BrancatelliSchema 31 S.r.l. - Socio UnicoResponsabile ITROMA - FIRENZE - PALERMO ITALYTel: +39. 06.98.358.472* *Cell: +39 331.2488468Fax: +39. 055.71.880.466Societ=C3=A0 del Gruppo SC31 ITALIA*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADfWLend67n2HGDgBUfZROjJRPqg7QHRX4wnaZGoXNcudiWpXw>