Re: How to launch a bhyve vm as normal user,without being root

From: Mark Peek <mp_at_freebsd.org>
Date: Mon, 17 Jun 2024 17:52:53 UTC
Likely need to add this as it is what you are passing to doas as the
command to execute:

permit nopass :wheel as root cmd /usr/sbin/12-Win-11-vm12

Mark

On Mon, Jun 17, 2024 at 10:40 AM Mario Marietto <marietto2008@gmail.com> wrote:
>
> [marietto@marietto /bhyve]==> sudo cp 12-Win-11-vm12 /usr/sbin
>
> [marietto@marietto /bhyve]==> nano /usr/sbin/12-Win-11-vm12
>
> #!/bin/sh
>
> bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -S -c sockets=4,cores=2,threads=1 -m 8G -w -H \
> -s 0,hostbridge \
> -s 1,ahci-hd,/mnt/da4p2/bhyve/img/Windows/Windows11.img,bootindex=1 \
> -s 2,ahci-hd,/dev/$vmdisk5 \
> -s 8:0,passthru,2/0/0 \
> -s 8:1,passthru,2/0/1 \
> -s 8:2,passthru,2/0/2 \
> -s 8:3,passthru,2/0/3 \
> -s 13,virtio-net,tap12 \
> -s 29,fbuf,tcp=0.0.0.0:5912,w=1600,h=950,wait \
> -s 30,xhci,tablet \
> -s 31,lpc \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd \
> vm0:12 < /dev/null & sleep 2 && vncviewer 0:12
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/12-Win-11-vm12
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd /usr/sbin/bhyve-win
> permit nopass :wheel as root cmd /usr/sbin/bhyve-lin
>
> [marietto@marietto /bhyve]==> doas /usr/sbin/12-Win-11-vm12
> doas: Operation not permitted
>
> BUT :
>
> [marietto@marietto /bhyve]==> sudo nano /usr/sbin/hallo
>
> #!/bin/sh
> echo hallo $USER
>
> [marietto@marietto /bhyve]==> sudo chmod 0755 /usr/sbin/hallo
>
> [marietto@marietto /bhyve]==> sudo nano /usr/local/etc/doas.conf
>
> permit nopass :wheel as root cmd hallo
>
> [marietto@marietto /bhyve]==> doas hallo
>
> BOOM ! it works :
>
> hallo root
>
> On Mon, Jun 17, 2024 at 6:54 PM Dave Cottlehuber <dch@skunkwerks.at> wrote:
>>
>> On Mon, 17 Jun 2024, at 14:12, Mario Marietto wrote:
>> > Nice idea,but it does not work :
>> >
>> > nano /home/marietto/.zshrc
>> >
>> > # ~/.zshrc
>>
>> Hi Mario, I think your zsh stuff is getting in the way
>> here. Your zshrc function is not visible to the root user,
>> as doas cleans up all the env and so your function is unknown.
>>
>> So start off with something without bhyve, make sure you are in
>> wheel group, and add a shell script called
>> /usr/local/bin/hallo:
>>
>> ```
>> #!/bin/sh
>> echo hallo $USER
>> ```
>>
>> chmod 0755 /usr/local/bin/hallo
>>
>> ```
>> # /usr/local/etc/doas.conf (per doas.conf manpage)
>> permit nopass :wheel as root cmd /usr/local/bin/hallo
>> ```
>>
>> $ doas /usr/local/bin/hallo
>> hallo root
>>
>> then replace your bhyve commands in the hallo script.
>>
>> Off the top of my head there's no reason for bhyve to need
>> anything different to hallo script.
>> A+
>> Dave
>
>
>
> --
> Mario.