b=SjPSCDaZp4Zq2ON1ToDI3RxxnqUp6jlEZ62ih45CNsRGEmzAQt8CI30Q0SW/SVu2+y
         92wPU/LZIw0KYgH5Jn76JwbtzZCy7Oi+KgoVgOQSjJBxcgX3qSuUxpV2B8JgDdXH84vA
         Cs9GEXqlbIFsedkfKthrDNhA/tfwAYLGKgfxwnESLDXDFsQAqlTBcLItzLHbqXSogVQH
         UAgy4cRP/RHMXPOx6Z3kG/aYfrBeteW7XuAfaKROER1BQi1JH9Bz7/iooPldSzSZvR+v
         GFYY9x6gmMGq7Rai3rQwF4OpHeDA7+sAuMyK5rmQovSFjLo38SMsMT1cTSLtT5o8S2ek
         NX8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1761085119; x=1761689919;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:sender:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=wuXORG2bAoeV/UCX4A3LHwY2OsSKt5lEjCEc0FFrBQQ=;
        b=q9D3UKuZegPl3Z9/q1kCcdLzuFU3bScpXwkk7Jrb90pI8WjKD2inBYFrS05OSafCE9
         ldBA7mgW4WXUI3jSGq1jR3hjlT6TO1vyXI5izQFe97BOMimvVKjJpq+U0XS2ISgl2jKR
         QlwnWyGVDEp5RiMYcDtcTSbrRpLlqruz9pPmdEVCcyvzRBbBcgba7Y4jjR+TyXEVtsi2
         nrgAEdGZVJawkZLc94r+5pYZIIu+cGCjS5FyHbV7+TL2kuAY2MYhu4vKDXLA6CLlAlb6
         nBd8A2Aili//HXiIe8O+ypr8wufkoJy8pGy1gHEUGUwLAQFHTQmc2BdJQjPODRIHmWgh
         rjLw==
X-Forwarded-Encrypted: i=1; AJvYcCXuNQPd/9Th/WMMmcp4Y2QFRpDjPh+WNRreErEknh0ptgIrKso2o23ZZLp0Rc6jW+8AHRiQtugeInC1P53Df8PgphyhJQ==@freebsd.org
X-Gm-Message-State: AOJu0YyF4lERMDz5ke4za+lOfhdhhJ4IXHKpeD/Zy1I9RuN8zX8qIvlu
	t/DHl+TrXT2Muds8ik0DalfP2pFAG2XvokoG5qX+khxF1NNOO+IR/xxm7Z4CWja0uIE=
X-Gm-Gg: ASbGncsmlzrNaIlMKv3CSLURwMYOMD/mgowGIQHAuux5Dje+7cI0rHIx6kfUJc+Mh0E
	yzNKDsMFbl74FE2m0lsmUCDOdYsjZ0Ze7Vhs0dfONOEnZdUFW3dHUovPkJKMoO3qsCK6N6xehxi
	3h6A1/ZmAWTxDrCaak6upHJ8nuDLPM04w8o6sxjco0LN54KGSas03gcXC2mGOLD2GqAWIWpD87P
	tlx0mpEXkrZFdq0B7fM+xMugIri7suuFbiwTZyYJUwpkoP6tg9tWWeJrT5ifPhKjqhpn7fPpJzy
	s7eNIhWcbmOPE70e1Vb/ITej5zi44xLTnf/sNWJO+mAi/ZwfdxhHYlePRg30C9RvQKWVnHcudIG
	Pnf7+ek/uVDeSxz2/CDw+FODq/uX3j5iDmK5ODSuzkB2LjRqswixaUIksb2lXt8KLLRDtuw10uW
	gro0fknV14LJ6qwlKGEA==
X-Google-Smtp-Source: AGHT+IFm6vIF7dxAQRbzeaeBovGWt8Vts2kVLJbeK2QG2YEUP1ZIji5L9+NJ2FwaONI01i694KiHmA==
X-Received: by 2002:ac8:5646:0:b0:4e8:9f18:6e5e with SMTP id d75a77b69052e-4e89f187138mr160277451cf.33.1761085118655;
        Tue, 21 Oct 2025 15:18:38 -0700 (PDT)
Received: from nuc (192-0-220-237.cpe.teksavvy.com. [192.0.220.237])
        by smtp.gmail.com with ESMTPSA id d75a77b69052e-4e8af0126a9sm77979121cf.12.2025.10.21.15.18.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Oct 2025 15:18:37 -0700 (PDT)
Date: Tue, 21 Oct 2025 18:18:34 -0400
From: Mark Johnston <markj@freebsd.org>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org,
	dev-commits-src-main@freebsd.org
Subject: Re: git: e11768e94787 - main - vmm: Add PRIV_DRIVER checks for
 passthru ioctls
Message-ID: <aPgGuhzfCQBaqHu4@nuc>
References: <202510211749.59LHnJ49029334@gitrepo.freebsd.org>
 <5pr96847-3p44-6043-50o4-4np23n9022q3@mnoonqbm.arg>
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5pr96847-3p44-6043-50o4-4np23n9022q3@mnoonqbm.arg>
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Rspamd-Queue-Id: 4crmsY1Cdsz3FQt

On Tue, Oct 21, 2025 at 09:02:59PM +0000, Bjoern A. Zeeb wrote:
> On Tue, 21 Oct 2025, Mark Johnston wrote:
> 
> > The branch main has been updated by markj:
> > 
> > URL: https://cgit.FreeBSD.org/src/commit/?id=e11768e94787bef2866486ba8616353716a10447
> > 
> > commit e11768e94787bef2866486ba8616353716a10447
> > Author:     Mark Johnston <markj@FreeBSD.org>
> > AuthorDate: 2025-10-21 17:34:29 +0000
> > Commit:     Mark Johnston <markj@FreeBSD.org>
> > CommitDate: 2025-10-21 17:34:29 +0000
> > 
> >    vmm: Add PRIV_DRIVER checks for passthru ioctls
> > 
> >    In preparation for allowing non-root users to create and access bhyve
> >    VMs, add privilege checks for ioctls which operate on passthru devices.
> 
> Does this mean we need to have a way to give a user a priveledge in order
> to also use pssthru (likely not easily possible currently; different longer
> topic I am happy to talk about as it came up elsewhere recently).
> 
> That said if we go there I think DRIVER may be a dangerous priveledge
> but then again the user may need to setup interfaces for networking just
> as well which is kind of orthotognal to the system administration concept.
> 
> Giving a user PRIV_DRIVER is likely never ever going to be a good idea given
> the catchall it is used as so we one day might need a more flexible, more
> finegrained system ...
> 
> 
> So in conclusion what your commit message is saying (if I understand it right):
> a user will be allowed to start bhyve but not be allowed to use certain features,
> like passthru?

That's right.  I'd like to make it possible to create and run bhyve VMs
as an unprivileged user (provided that they belong to an as-yet
uncreated "vmm" group), but passthru functionality will remain
root-only.

> >    Reviewed by:    corvink
> >    MFC after:      2 weeks
> >    Sponsored by:   The FreeBSD Foundation
> >    Sponsored by:   Klara, Inc.
> >    Differential Revision:  https://reviews.freebsd.org/D53144
> > ---
> > sys/amd64/vmm/vmm_dev_machdep.c | 18 +++++++++++-------
> > sys/dev/vmm/vmm_dev.c           |  7 +++++++
> > sys/dev/vmm/vmm_dev.h           |  1 +
> > 3 files changed, 19 insertions(+), 7 deletions(-)
> 
> -- 
> Bjoern A. Zeeb                                                     r15:7