To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: af099eaa5ec3 - main - vmm: Enable unprivileged bhyve
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: af099eaa5ec3604639807b7c5d3ed5be336e5643
Date: Thu, 19 Feb 2026 17:16:30 +0000
Message-Id: <6997456e.38aa5.1ce21597@gitrepo.freebsd.org>

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=af099eaa5ec3604639807b7c5d3ed5be336e5643

commit af099eaa5ec3604639807b7c5d3ed5be336e5643
Author:     Mark Johnston
AuthorDate: 2026-02-19 14:38:46 +0000
Commit:     Mark Johnston
CommitDate: 2026-02-19 17:16:15 +0000

    vmm: Enable unprivileged bhyve

    - Add the vmm group.
    - Let /dev/vmmctl belong to the vmm group by default, and give group write permissions.
    - When creating a VM's device files, make them owned by the creating process' effective UID.

    Reviewed by:    bnovkov
    MFC after:      2 months
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D54741

--- etc/group | 1 + sys/dev/vmm/vmm_dev.c | 10 +++++----- sys/sys/conf.h | 1 + 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/etc/group b/etc/group index 35df51838ae4..af42fa1bcc11 100644 --- a/etc/group +++ b/etc/group @@ -34,5 +34,6 @@ ntpd:*:123: _ypldap:*:160: hast:*:845: tests:*:977: +vmm:*:978: nogroup:*:65533: nobody:*:65534: diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c index 5d7802f929ae..0e5477745db5 100644 --- a/sys/dev/vmm/vmm_dev.c +++ b/sys/dev/vmm/vmm_dev.c
@@ -1033,8 +1033,8 @@ vmmdev_create(const char *name, uint32_t flags, struct ucred *cred) make_dev_args_init(&mda); mda.mda_devsw = &vmmdevsw; mda.mda_cr = sc->ucred; - mda.mda_uid = UID_ROOT; - mda.mda_gid = GID_WHEEL; + mda.mda_uid = cred->cr_uid; + mda.mda_gid = GID_VMM; mda.mda_mode = 0600; mda.mda_si_drv1 = sc; mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK; @@ -1201,7 +1201,7 @@ vmmdev_init(void) sx_xlock(&vmmdev_mtx); error = make_dev_p(MAKEDEV_CHECKNAME, &vmmctl_cdev, &vmmctlsw, NULL, - UID_ROOT, GID_WHEEL, 0600, "vmmctl"); + UID_ROOT, GID_VMM, 0660, "vmmctl"); if (error == 0) { pr_allow_vmm_flag = prison_add_allow(NULL, "vmm", NULL, "Allow use of vmm in a jail"); @@ -1357,8 +1357,8 @@ devmem_create_cdev(struct vmmdev_softc *sc, int segid, char *devname) make_dev_args_init(&mda); mda.mda_devsw = &devmemsw; mda.mda_cr = sc->ucred; - mda.mda_uid = UID_ROOT; - mda.mda_gid = GID_WHEEL; + mda.mda_uid = sc->ucred->cr_uid; + mda.mda_gid = GID_VMM; mda.mda_mode = 0600; mda.mda_si_drv1 = dsc; mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK; diff --git a/sys/sys/conf.h b/sys/sys/conf.h index a830c9d4c622..e5a6be9b891c 100644 --- a/sys/sys/conf.h +++ b/sys/sys/conf.h @@ -160,6 +160,7 @@ typedef int dumper_hdr_t(struct dumperinfo *di, struct kerneldumpheader *kdh); #define GID_ID_PRIO 48 #define GID_DIALER 68 #define GID_U2F 116 +#define GID_VMM 978 #define GID_NOGROUP 65533 #define GID_NOBODY 65534
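
Review bot: In vmmdev_create() the new `mda.mda_gid = GID_VMM` sits next to the unchanged `mda.mda_mode = 0600`, so the group on a per-VM node grants nothing and only the creating UID can open it. That looks like the intended isolation between members of vmm, but nothing in the hunk says so. Add a one-line comment above the mode stating that per-VM nodes are deliberately owner-only, so a later change does not widen them to 0660 to match /dev/vmmctl.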
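
Review bot: The make_dev_p() call in vmmdev_init() moves /dev/vmmctl from `UID_ROOT, GID_WHEEL, 0600` to `UID_ROOT, GID_VMM, 0660`, which makes vmm group membership the only gate on the control device, yet the diffstat touches just etc/group, vmm_dev.c and conf.h. Document what membership in vmm grants in the same change (manual page or an UPDATING entry), and say in the commit message where requests arriving through vmmctl are checked against the owner of the VM they name, since that check is not part of this diff.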
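
Review bot: devmem_create_cdev() takes the owner from `sc->ucred->cr_uid`, while vmmdev_create() takes it from the `cred` argument even though its own `mda.mda_cr` is `sc->ucred`. If `sc->ucred` always holds the credential passed to vmmdev_create(), use `sc->ucred->cr_uid` in both places so a VM node and its memory-segment nodes cannot end up with different owners; if the two can differ, state which one is meant and why.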
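
Review bot: `#define GID_VMM 978` in sys/sys/conf.h and `vmm:*:978:` in etc/group have to stay equal, and nothing in either file ties them together. Add a comment beside the define pointing at etc/group (or the reverse), and note for upgraders that a kernel carrying this change on a system whose /etc/group has not been merged yet will create the nodes with a gid 978 that has no name.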