Date: Tue, 21 Oct 2025 21:02:59 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Mark Johnston
cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: e11768e94787 - main - vmm: Add PRIV_DRIVER checks for passthru ioctls
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

On Tue, 21 Oct 2025, Mark Johnston wrote:

> The branch main has been updated by markj:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=e11768e94787bef2866486ba8616353716a10447
>
> commit e11768e94787bef2866486ba8616353716a10447
> Author:     Mark Johnston
> AuthorDate: 2025-10-21 17:34:29 +0000
> Commit:     Mark Johnston
> CommitDate: 2025-10-21 17:34:29 +0000
>
>     vmm: Add PRIV_DRIVER checks for passthru ioctls
>
>     In preparation for allowing non-root users to create and access bhyve
>     VMs, add privilege checks for ioctls which operate on passthru devices.

Does this mean we need to have a way to give a user a privilege in order
to also use passthru (likely not easily possible currently; different longer
topic I am happy to talk about as it came up elsewhere recently)?
That said if we go there I think DRIVER may be a dangerous privilege but
then again the user may need to set up interfaces for networking just as
well which is kind of orthogonal to the system administration concept.
Giving a user PRIV_DRIVER is likely never ever going to be a good idea given
the catchall it is used as so we one day might need a more flexible, more
fine-grained system ...

So in conclusion what your commit message is saying (if I understand it
right): a user will be allowed to start bhyve but not be allowed to use
certain features, like passthru?

> Reviewed by:    corvink
> MFC after:      2 weeks
> Sponsored by:   The FreeBSD Foundation
> Sponsored by:   Klara, Inc.
> Differential Revision:  https://reviews.freebsd.org/D53144
> ---
>  sys/amd64/vmm/vmm_dev_machdep.c | 18 +++++++++++-------
>  sys/dev/vmm/vmm_dev.c           |  7 +++++++
>  sys/dev/vmm/vmm_dev.h           |  1 +
>  3 files changed, 19 insertions(+), 7 deletions(-)

-- 
Bjoern A. Zeeb                                                     r15:7