BHyVe as non root
Peter Grehan
grehan at freebsd.org
Thu Jan 16 21:21:15 UTC 2014

Hi Andrea,
> do you see any particular problem (devices that need to have the owner
> changed, limitations of any kind...?) in running BHyVe as non-root?
  There's 2 issues - firstly, bhyve is new and hasn't had a lot of 
exposure. It's probably safest to restrict it to root for a while to 
avoid exposing non-root users to unforeseen security issues.
  Secondly, the current implementation doesn't tie all resource usage to 
a process. The split of bhyveload/bhyve allows VM memory to be tied to a 
memory object associated with the VM. This complicates the tracking of 
system memory usage, which is usually done on a process basis. The fix 
for this, in progress, is to use a single process for a VM, and avoid a 
separate loading process.
  The goal is to allow non-root usage, but there's still a ways to go 
for that.
later,
Peter.
    
    