Date: Mon, 17 Jun 2024 19:39:26 +0200
From: Mario Marietto <marietto2008@gmail.com>
To: Dave Cottlehuber <dch@skunkwerks.at>
Cc: Odhiambo Washington <odhiambo@gmail.com>, freebsd-virtualization <freebsd-virtualization@freebsd.org>
Subject: Re: How to launch a bhyve vm as normal user,without being root
Message-ID: <CA%2B1FSighjAkOAtzyX3HBy4h0ZnTVckjF9adnWMpAR3m=xW0dUA@mail.gmail.com>
In-Reply-To: <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com>
References: <CA%2B1FSiimo=-0s80QeGMuLnJAzxi53-V6s303YuW36UkYnqfB-g@mail.gmail.com> <CAAdA2WPrtG_VaLuE8UfBwxanyfNzgLqeBCvpJMvRETdcUSmMEg@mail.gmail.com> <CA%2B1FSijLiq0WMdCvJfQC%2BvtBxXc6iSMD6WQAMavGpg%2BsmCuTFg@mail.gmail.com> <86a551c1-7f10-450d-a282-b33f959ed93e@app.fastmail.com>

[marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin

[marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12

#!/bin/sh

bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
-S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
-s 0,hostbridge \
-s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
-s 2,ahci-hd,/dev/$vmdisk5 \
-s 8:0,passthru,2/0/0 \
-s 8:1,passthru,2/0/1 \
-s 8:2,passthru,2/0/2 \
-s 8:3,passthru,2/0/3 \
-s 13,virtio-net,tap12 \
-s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
-s 30,xhci,tablet \
-s 31,lpc \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
vm0:12 < /dev/null & sleep 2 && vncviewer 0:12

[marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12

[marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf

permit nopass :wheel as root cmd /usr/sbin/bhyve-win
permit nopass :wheel as root cmd /usr/sbin/bhyve-lin

[marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12

doas: Operation not permitted

BUT :

[marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo

#!/bin/sh
echo hallo $USER

[marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo

[marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf

permit nopass :wheel as root cmd hallo

[marietto@marietto /bhyve]==> doas hallo

BOOM ! it works :

hallo root

On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber <dch@skunkwerks.at> wrote:

> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
> > Nice idea, but it does not work :
> >
> > nano /home/marietto/.zshrc
> >
> > # ~/.zshrc
>
> Hi Mario, I think your zsh stuff is getting in the way
> here. Your zshrc function is not visible to the root user,
> as doas cleans up all the env and so your function is unknown.
>
> So start off with something without bhyve, make sure you are in
> wheel group, and add a shell script called
> /usr/local/bin/hallo:
>
> ```
> #!/bin/sh
> echo hallo $USER
> ```
>
> chmod 0755 /usr/local/bin/hallo
>
> ```
> # /usr/local/etc/doas.conf (per doas.conf manpage)
> permit nopass :wheel as root cmd /usr/local/bin/hallo
> ```
>
> $ doas /usr/local/bin/hallo
> hallo root
>
> then replace your bhyve commands in the hallo script.
>
> Off the top of my head there's no reason for bhyve to need
> anything different to hallo script.
> A+
> Dave
>

-- 
Mario.
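
Added example, not part of the original message and not doas's own code: a simplified model of how doas evaluates the `cmd` field, run over the rule lines and invocations shown in the message above. It assumes the caller is in `:wheel` and the target is root, ignores `args` matching, and combines the rule lines from both edits of doas.conf into one constructed list; `doas_decide` is a hypothetical helper name.

```shell
#!/bin/sh
# Simplified model of doas rule matching (illustration only).
# Real doas also checks the caller's identity, the target user and
# any "args"; those are assumed to match here.

# Constructed rule list: the doas.conf lines quoted in the message.
RULES='permit nopass :wheel as root cmd /usr/sbin/bhyve-win
permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
permit nopass :wheel as root cmd hallo'

# doas_decide RULES COMMAND -> prints "permit" or "deny".
# The cmd value is compared as an exact string with the command as
# typed; the last matching rule wins; no matching rule means deny
# (doas then reports "Operation not permitted").
doas_decide() {
    rules=$1
    typed=$2
    verdict=deny
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        action=${line%% *}                  # first word: permit or deny
        case $line in
            *' cmd '*)
                rule_cmd=${line##* cmd }    # text after "cmd"
                rule_cmd=${rule_cmd%% *}    # drop any trailing words
                ;;
            *)  rule_cmd=$typed ;;          # no cmd field: any command
        esac
        if [ "$rule_cmd" = "$typed" ]; then
            verdict=$action
        fi
    done <<EOF
$rules
EOF
    echo "$verdict"
}

# Invocations from the message, plus two variants for comparison.
for c in /usr/sbin/12-Win-11-vm12 /usr/sbin/bhyve-win hallo /usr/sbin/hallo; do
    printf '%-28s %s\n' "$c" "$(doas_decide "$RULES" "$c")"
done
```

On a real system, `doas -C /usr/local/etc/doas.conf <command>` prints the verdict doas itself would reach for that command without running it.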