From: Andrea Brancatelli
To: Peter Grehan
Cc: "freebsd-virtualization@freebsd.org"
Date: Fri, 17 Jan 2014 09:47:21 +0100
Subject: Re: BHyVe as non root
In-Reply-To: <52D84D46.9070600@freebsd.org>
List-Id: "Discussion of various virtualization techniques FreeBSD supports."

Thank you, you've been very clear.

Let me know if I can help anyhow with future testing on this item - that's the only thing I can do to help :-)

On Thu, Jan 16, 2014 at 10:21 PM, Peter Grehan wrote:

> Hi Andrea,
>
>> do you see any particular problem (devices who need to have the owner
>> changed, limitations of any kind...?) in running BHyVe as non-root?
>
> There's 2 issues - firstly, bhyve is new and hasn't had a lot of
> exposure. It's probably safest to restrict it to root for a while to avoid
> exposing non-root users to unforeseen security issues.
>
> Secondly, the current implementation doesn't tie all resource usage to a
> process. The split of bhyveload/bhyve allows VM memory to be tied to a
> memory object associated with the VM. This complicates the tracking system
> memory usage, which is usually done on a process basis. The fix for this,
> in progress, is to use a single process for a VM, and avoid a separate
> loading process.
>
> The goal is to allow non-root usage, but there's still a ways to go for
> that.
>
> later,
>
> Peter.

-- 
Andrea Brancatelli
Schema 31 S.r.l. - Socio Unico
IT Manager
ROMA - FIRENZE - PALERMO ITALY
Tel: +39. 06.98.358.472
Cell: +39 331.2488468
Fax: +39. 055.71.880.466
A company of the SC31 ITALIA Group