Date: Mon, 17 Jun 2024 10:52:53 -0700
From: Mark Peek <mp@freebsd.org>
To: Mario Marietto <marietto2008@gmail.com>
Cc: Dave Cottlehuber <dch@skunkwerks.at>, Odhiambo Washington <odhiambo@gmail.com>, freebsd-virtualization <freebsd-virtualization@freebsd.org>
Subject: Re: How to launch a bhyve vm as normal user,without being root
Message-ID: <CAGGgMJfoAHFv2uJBzz%2BcJ-pe0tUX=BVaCxM3y5SU-cUxGHcs9A@mail.gmail.com>
In-Reply-To: <CA%2B1FSighjAkOAtzyX3HBy4h0ZnTVckjF9adnWMpAR3m=xW0dUA@mail.gmail.com>
References: <CA%2B1FSiimo=-0s80QeGMuLnJAzxi53-V6s303YuW36UkYnqfB-g@mail.gmail.com>
 <CAAdA2WPrtG_VaLuE8UfBwxanyfNzgLqeBCvpJMvRETdcUSmMEg@mail.gmail.com>
 <CA%2B1FSijLiq0WMdCvJfQC%2BvtBxXc6iSMD6WQAMavGpg%2BsmCuTFg@mail.gmail.com>
 <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com>
 <CA%2B1FSighjAkOAtzyX3HBy4h0ZnTVckjF9adnWMpAR3m=xW0dUA@mail.gmail.com>

Likely need to add this as it is what you are passing to doas as the
command to execute:

permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12

Mark

On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto <marietto2008@gmail.com> wrote:
>
> [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>
> [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>
> #!/bin/sh
>
> bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -s 0,hostbridge \
> -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
> -s 2,ahci-hd,/dev/$vmdisk5 \
> -s 8:0,passthru,2/0/0 \
> -s 8:1,passthru,2/0/1 \
> -s 8:2,passthru,2/0/2 \
> -s 8:3,passthru,2/0/3 \
> -s 13,virtio-net,tap12 \
> -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
> -s 30,xhci,tablet \
> -s 31,lpc \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
> vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd /usr/sbin/bhyve-win
> permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>
> [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
> doas: Operation not permitted
>
> BUT :
>
> [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>
> #!/bin/sh
> echo hallo $USER
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd hallo
>
> [marietto@marietto /bhyve]==> doas hallo
>
> BOOM ! it works :
>
> hallo root
>
> On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber <dch@skunkwerks.at> wrote:
>>
>> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>> > Nice idea, but it does not work :
>> >
>> > nano /home/marietto/.zshrc
>> >
>> > # ~/.zshrc
>>
>> Hi Mario, I think your zsh stuff is getting in the way
>> here. Your zshrc function is not visible to the root user,
>> as doas cleans up all the env and so your function is unknown.
>>
>> So start off with something without bhyve, make sure you are in
>> wheel group, and add a shell script called
>> /usr/local/bin/hallo:
>>
>> ```
>> #!/bin/sh
>> echo hallo $USER
>> ```
>>
>> chmod 0755 /usr/local/bin/hallo
>>
>> ```
>> # /usr/local/etc/doas.conf (per doas.conf manpage)
>> permit nopass :wheel as root cmd /usr/local/bin/hallo
>> ```
>>
>> $ doas /usr/local/bin/hallo
>> hallo root
>>
>> then replace your bhyve commands in the hallo script.
>>
>> Off the top of my head there's no reason for bhyve to need
>> anything different to hallo script.
>> A+
>> Dave
>
>
>
> --
> Mario.
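
Added example, not part of the original thread or of doas itself: a simplified shell model of how a doas.conf `cmd` rule is matched, showing why the two rules quoted above do not cover `/usr/sbin/12-Win-11-vm12` until the rule Mark suggests is added. The function names, the temporary file and the assumption that `cmd` is compared as an exact string (last matching rule wins, no match means deny) belong to this example.

```shell
#!/bin/sh
# Simplified model of doas.conf matching, for rules of the form
#   permit|deny [options] <user|:group> [as <target>] [cmd <command>]
# Assumption: "cmd" is compared as an exact string with the command typed
# after "doas"; the last matching rule wins; no match means deny.
doas_decision() {   # usage: doas_decision <conf> <user> <group> <command>
    conf=$1; user=$2; group=$3; command=$4; result=deny
    while read -r action rest; do
        case $action in permit|deny) ;; *) continue ;; esac
        ident=; rule_cmd=; prev=
        for word in $rest; do
            if [ "$prev" = cmd ]; then
                rule_cmd=$word
            elif [ "$prev" != as ]; then
                case $word in
                    nopass|nolog|persist|keepenv|as|cmd) ;;
                    *) if [ -z "$ident" ]; then ident=$word; fi ;;
                esac
            fi
            prev=$word
        done
        case $ident in
            :*) [ "$ident" = ":$group" ] || continue ;;
            *)  [ "$ident" = "$user" ] || continue ;;
        esac
        if [ -n "$rule_cmd" ] && [ "$rule_cmd" != "$command" ]; then
            continue
        fi
        result=$action
    done < "$conf"
    echo "$result"
}

# Constructed sample: the two rules quoted in the thread.
write_thread_rules() {
    printf '%s\n' \
        'permit nopass :wheel as root cmd /usr/sbin/bhyve-win' \
        'permit nopass :wheel as root cmd /usr/sbin/bhyve-lin' > "$1"
}

demo_conf=$(mktemp)
write_thread_rules "$demo_conf"
echo "before: $(doas_decision "$demo_conf" marietto wheel /usr/sbin/12-Win-11-vm12)"
echo 'permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12' >> "$demo_conf"
echo "after:  $(doas_decision "$demo_conf" marietto wheel /usr/sbin/12-Win-11-vm12)"
rm -f "$demo_conf"
```

Because a `nopass` rule runs the named script as root for every member of the group, the script and its directory should stay writable by root only, as the `chmod 0755` in the thread leaves them.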
