git: af099eaa5ec3 - main - vmm: Enable unprivileged bhyve

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 19 Feb 2026 17:16:30 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=af099eaa5ec3604639807b7c5d3ed5be336e5643

commit af099eaa5ec3604639807b7c5d3ed5be336e5643
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-02-19 14:38:46 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-02-19 17:16:15 +0000

    vmm: Enable unprivileged bhyve
    
    - Add the vmm group.
    - Let /dev/vmmctl belong to the vmm group by default, and give group
      write permissions.
    - When creating a VM's device files, make them owned by the creating
      process' effective UID.
    
    Reviewed by:    bnovkov
    MFC after:      2 months
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D54741
---
 etc/group             |  1 +
 sys/dev/vmm/vmm_dev.c | 10 +++++-----
 sys/sys/conf.h        |  1 +
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/etc/group b/etc/group
index 35df51838ae4..af42fa1bcc11 100644
--- a/etc/group
+++ b/etc/group
@@ -34,5 +34,6 @@ ntpd:*:123:
 _ypldap:*:160:
 hast:*:845:
 tests:*:977:
+vmm:*:978:
 nogroup:*:65533:
 nobody:*:65534:
diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c
index 5d7802f929ae..0e5477745db5 100644
--- a/sys/dev/vmm/vmm_dev.c
+++ b/sys/dev/vmm/vmm_dev.c
@@ -1033,8 +1033,8 @@ vmmdev_create(const char *name, uint32_t flags, struct ucred *cred)
 	make_dev_args_init(&mda);
 	mda.mda_devsw = &vmmdevsw;
 	mda.mda_cr = sc->ucred;
-	mda.mda_uid = UID_ROOT;
-	mda.mda_gid = GID_WHEEL;
+	mda.mda_uid = cred->cr_uid;
+	mda.mda_gid = GID_VMM;
 	mda.mda_mode = 0600;
 	mda.mda_si_drv1 = sc;
 	mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
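Review bot: The owner of the per-VM node is taken from `cred->cr_uid` on the added line, while the same hunk sets `mda.mda_cr = sc->ucred` and the devmem path later in this diff uses `sc->ucred->cr_uid`; if `sc->ucred` is a held reference to the creating cred these are equivalent, otherwise the VM node and its devmem nodes can end up with different owners. Using one source in both places, `mda.mda_uid = sc->ucred->cr_uid;`, removes the question. Note also that the mode stays 0600, so `GID_VMM` on the node grants the group nothing; a one-line comment such as `/* Owned by the creator; group is informational, mode 0600 keeps other vmm members out. */` would make the intent explicit. vmmdev_create() begins and ends outside this hunk.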
@@ -1201,7 +1201,7 @@ vmmdev_init(void)
 
 	sx_xlock(&vmmdev_mtx);
 	error = make_dev_p(MAKEDEV_CHECKNAME, &vmmctl_cdev, &vmmctlsw, NULL,
-	    UID_ROOT, GID_WHEEL, 0600, "vmmctl");
+	    UID_ROOT, GID_VMM, 0660, "vmmctl");
 	if (error == 0) {
 		pr_allow_vmm_flag = prison_add_allow(NULL, "vmm", NULL,
 		    "Allow use of vmm in a jail");
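Review bot: Making /dev/vmmctl 0660 group vmm means every ioctl reachable through vmmctl — not only VM creation — is now available to any vmm group member, so the per-user ownership applied to the per-VM nodes is only as strong as the ownership or privilege checks in the vmmctl ioctl handler, which is not part of this diff. In particular, if a destroy-by-name request does not compare the caller's `cr_uid` against the target VM's `sc->ucred->cr_uid` (or require root), one vmm member can tear down another member's VM despite never being able to open its device node. Please confirm that path (and any other name-based vmmctl operation) checks ownership; a comment next to `make_dev_p`, e.g. `/* Group vmm may create VMs; per-VM access is governed by the owner set in vmmdev_create(). */`, would document the intended trust boundary. vmmdev_init() continues outside the hunk.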
@@ -1357,8 +1357,8 @@ devmem_create_cdev(struct vmmdev_softc *sc, int segid, char *devname)
 	make_dev_args_init(&mda);
 	mda.mda_devsw = &devmemsw;
 	mda.mda_cr = sc->ucred;
-	mda.mda_uid = UID_ROOT;
-	mda.mda_gid = GID_WHEEL;
+	mda.mda_uid = sc->ucred->cr_uid;
+	mda.mda_gid = GID_VMM;
 	mda.mda_mode = 0600;
 	mda.mda_si_drv1 = dsc;
 	mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
diff --git a/sys/sys/conf.h b/sys/sys/conf.h
index a830c9d4c622..e5a6be9b891c 100644
--- a/sys/sys/conf.h
+++ b/sys/sys/conf.h
@@ -160,6 +160,7 @@ typedef int dumper_hdr_t(struct dumperinfo *di, struct kerneldumpheader *kdh);
 #define		GID_ID_PRIO	48
 #define		GID_DIALER	68
 #define		GID_U2F		116
+#define		GID_VMM		978
 #define		GID_NOGROUP	65533
 #define		GID_NOBODY	65534