b=SjPSCDaZp4Zq2ON1ToDI3RxxnqUp6jlEZ62ih45CNsRGEmzAQt8CI30Q0SW/SVu2+y 92wPU/LZIw0KYgH5Jn76JwbtzZCy7Oi+KgoVgOQSjJBxcgX3qSuUxpV2B8JgDdXH84vA Cs9GEXqlbIFsedkfKthrDNhA/tfwAYLGKgfxwnESLDXDFsQAqlTBcLItzLHbqXSogVQH UAgy4cRP/RHMXPOx6Z3kG/aYfrBeteW7XuAfaKROER1BQi1JH9Bz7/iooPldSzSZvR+v GFYY9x6gmMGq7Rai3rQwF4OpHeDA7+sAuMyK5rmQovSFjLo38SMsMT1cTSLtT5o8S2ek NX8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761085119; x=1761689919; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:sender:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wuXORG2bAoeV/UCX4A3LHwY2OsSKt5lEjCEc0FFrBQQ=; b=q9D3UKuZegPl3Z9/q1kCcdLzuFU3bScpXwkk7Jrb90pI8WjKD2inBYFrS05OSafCE9 ldBA7mgW4WXUI3jSGq1jR3hjlT6TO1vyXI5izQFe97BOMimvVKjJpq+U0XS2ISgl2jKR QlwnWyGVDEp5RiMYcDtcTSbrRpLlqruz9pPmdEVCcyvzRBbBcgba7Y4jjR+TyXEVtsi2 nrgAEdGZVJawkZLc94r+5pYZIIu+cGCjS5FyHbV7+TL2kuAY2MYhu4vKDXLA6CLlAlb6 nBd8A2Aili//HXiIe8O+ypr8wufkoJy8pGy1gHEUGUwLAQFHTQmc2BdJQjPODRIHmWgh rjLw== X-Forwarded-Encrypted: i=1; AJvYcCXuNQPd/9Th/WMMmcp4Y2QFRpDjPh+WNRreErEknh0ptgIrKso2o23ZZLp0Rc6jW+8AHRiQtugeInC1P53Df8PgphyhJQ==@freebsd.org X-Gm-Message-State: AOJu0YyF4lERMDz5ke4za+lOfhdhhJ4IXHKpeD/Zy1I9RuN8zX8qIvlu t/DHl+TrXT2Muds8ik0DalfP2pFAG2XvokoG5qX+khxF1NNOO+IR/xxm7Z4CWja0uIE= X-Gm-Gg: ASbGncsmlzrNaIlMKv3CSLURwMYOMD/mgowGIQHAuux5Dje+7cI0rHIx6kfUJc+Mh0E yzNKDsMFbl74FE2m0lsmUCDOdYsjZ0Ze7Vhs0dfONOEnZdUFW3dHUovPkJKMoO3qsCK6N6xehxi 3h6A1/ZmAWTxDrCaak6upHJ8nuDLPM04w8o6sxjco0LN54KGSas03gcXC2mGOLD2GqAWIWpD87P tlx0mpEXkrZFdq0B7fM+xMugIri7suuFbiwTZyYJUwpkoP6tg9tWWeJrT5ifPhKjqhpn7fPpJzy s7eNIhWcbmOPE70e1Vb/ITej5zi44xLTnf/sNWJO+mAi/ZwfdxhHYlePRg30C9RvQKWVnHcudIG Pnf7+ek/uVDeSxz2/CDw+FODq/uX3j5iDmK5ODSuzkB2LjRqswixaUIksb2lXt8KLLRDtuw10uW gro0fknV14LJ6qwlKGEA== X-Google-Smtp-Source: AGHT+IFm6vIF7dxAQRbzeaeBovGWt8Vts2kVLJbeK2QG2YEUP1ZIji5L9+NJ2FwaONI01i694KiHmA== X-Received: by 2002:ac8:5646:0:b0:4e8:9f18:6e5e with SMTP id d75a77b69052e-4e89f187138mr160277451cf.33.1761085118655; Tue, 21 Oct 2025 15:18:38 -0700 (PDT) Received: from nuc (192-0-220-237.cpe.teksavvy.com. [192.0.220.237]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4e8af0126a9sm77979121cf.12.2025.10.21.15.18.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Oct 2025 15:18:37 -0700 (PDT) Date: Tue, 21 Oct 2025 18:18:34 -0400 From: Mark Johnston To: "Bjoern A. Zeeb" Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: e11768e94787 - main - vmm: Add PRIV_DRIVER checks for passthru ioctls Message-ID: References: <202510211749.59LHnJ49029334@gitrepo.freebsd.org> <5pr96847-3p44-6043-50o4-4np23n9022q3@mnoonqbm.arg> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5pr96847-3p44-6043-50o4-4np23n9022q3@mnoonqbm.arg> X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Queue-Id: 4crmsY1Cdsz3FQt On Tue, Oct 21, 2025 at 09:02:59PM +0000, Bjoern A. Zeeb wrote: > On Tue, 21 Oct 2025, Mark Johnston wrote: > > > The branch main has been updated by markj: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=e11768e94787bef2866486ba8616353716a10447 > > > > commit e11768e94787bef2866486ba8616353716a10447 > > Author: Mark Johnston > > AuthorDate: 2025-10-21 17:34:29 +0000 > > Commit: Mark Johnston > > CommitDate: 2025-10-21 17:34:29 +0000 > > > > vmm: Add PRIV_DRIVER checks for passthru ioctls > > > > In preparation for allowing non-root users to create and access bhyve > > VMs, add privilege checks for ioctls which operate on passthru devices. > > Does this mean we need to have a way to give a user a priveledge in order > to also use pssthru (likely not easily possible currently; different longer > topic I am happy to talk about as it came up elsewhere recently). > > That said if we go there I think DRIVER may be a dangerous priveledge > but then again the user may need to setup interfaces for networking just > as well which is kind of orthotognal to the system administration concept. > > Giving a user PRIV_DRIVER is likely never ever going to be a good idea given > the catchall it is used as so we one day might need a more flexible, more > finegrained system ... > > > So in conclusion what your commit message is saying (if I understand it right): > a user will be allowed to start bhyve but not be allowed to use certain features, > like passthru? That's right. I'd like to make it possible to create and run bhyve VMs as an unprivileged user (provided that they belong to an as-yet uncreated "vmm" group), but passthru functionality will remain root-only. > > Reviewed by: corvink > > MFC after: 2 weeks > > Sponsored by: The FreeBSD Foundation > > Sponsored by: Klara, Inc. > > Differential Revision: https://reviews.freebsd.org/D53144 > > --- > > sys/amd64/vmm/vmm_dev_machdep.c | 18 +++++++++++------- > > sys/dev/vmm/vmm_dev.c | 7 +++++++ > > sys/dev/vmm/vmm_dev.h | 1 + > > 3 files changed, 19 insertions(+), 7 deletions(-) > > -- > Bjoern A. Zeeb r15:7