Re: How to launch a bhyve vm as normal user, without being root

From: Mario Marietto <marietto2008_at_gmail.com>
Date: Tue, 18 Jun 2024 08:09:45 UTC
This is mine:

# permit :wheel
# permit nopass keepenv marietto
# permit nopass keepenv root as root

permit nopass marietto cmd qemu-system-x86_64-debian_fs
permit nopass marietto cmd qemu-system-x86_64_debian_now
permit nopass marietto cmd qemu-system-x86_64_debian_proxy
permit nopass marietto cmd qemu-system-x86_64_debian_warp
permit nopass marietto cmd qemu-system-x86_64-debian_tuxler
permit nopass marietto cmd zpool
permit nopass marietto cmd mount
permit nopass marietto cmd fsck

permit nopass marietto as root cmd /usr/sbin/bhyve-win
permit nopass marietto as root cmd /usr/sbin/bhyve-lin
permit nopass marietto as root cmd /bhyve/12-Win-11-vm12
permit nopass marietto as root cmd /bhyve/01-Ubuntu-2310-vm1
permit nopass marietto as root cmd /bhyve/10-Debian-Now_wine-tkg-vm10
permit nopass marietto as root cmd /bhyve/02-Ubuntu-2310-vm2-hidden

I prefer to run only some specific applications as root.


On Tue, Jun 18, 2024 at 8:53 AM Odhiambo Washington <odhiambo@gmail.com>
wrote:

> ######/usr/local/etc/doas.conf#########################
> permit :wheel
> permit nopass keepenv :wheel
> permit alice as root
> permit keepenv bob as root
> permit cindy as root cmd pkg args update
> permit cindy as root cmd pkg args upgrade
> permit nolog david as root cmd id
> permit www as root cmd pfctl
> permit nopass *wash* as root cmd bhyve
>
> ####### /usr/local/bhyve-vms/scripts/debian.sh##############
> #!/usr/bin/env bash
> if ! kldstat | grep -w vmm.ko
> then
>         kldload -v vmm
> fi
> if ! kldstat | grep -w nmdm.ko
> then
>         kldload -v nmdm
> fi
> /usr/sbin/bhyve -S -c sockets=2,cores=2,threads=2 -m 4G -w -H -A \
> -s 0,hostbridge \
> -s 4,ahci-hd,/usr/local/bhyve-vms/Debian/debian.img,bootindex=1 \
> -s 5,virtio-net,tap3 \
> -s 7,virtio-9p,sharename=/ \
> -s 8,hda,play=/dev/dsp,rec=/dev/dsp \
> -s 29,fbuf,tcp=0.0.0.0:5904,w=1600,h=950 \
> -s 30,xhci,tablet \
> -s 31,lpc -l com1,stdio \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
> debian
>
> And all I do is `doas /usr/local/bhyve-vms/scripts/debian.sh`.
>
>
> On Mon, Jun 17, 2024 at 6:46 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
>> Can you paste here the contents of doas.conf and debian.sh? Thanks.
>>
>> On Mon, Jun 17, 2024 at 5:35 PM Odhiambo Washington <odhiambo@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On Mon, Jun 17, 2024 at 5:13 PM Mario Marietto <marietto2008@gmail.com>
>>> wrote:
>>>
>>>> Nice idea, but it does not work:
>>>>
>>>
>>> It worked for me!
>>>
>>> I created a bash script file named debian.sh which contained all the
>>> bhyve args to create the VM, then I just did:
>>>
>>> doas debian.sh
>>>
>>> And I actually successfully installed the VM and it's running.
>>>
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>>  In an Internet failure case, the #1 suspect is a constant: DNS.
>>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>>> [How to ask smart questions:
>>> http://www.catb.org/~esr/faqs/smart-questions.html]
>>>
>>
>>
>> --
>> Mario.
>>
>
>


-- 
Mario.
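
Added example (not part of the original thread, and not code from either poster): a rule of the form "permit nopass USER as root cmd /path/to/script" makes that script a root entry point, so the file should be owned by root and not writable by group or others, and doas.conf(5) advises absolute paths for cmd. The sketch below checks those points for every cmd target in a doas.conf; the function name, the finding labels and the demo rules (alice, vm-*.sh) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the "cmd" targets of permit rules in a doas.conf.
# audit_doas_conf CONF [OWNER] prints one finding per line, returns 1 if any.
audit_doas_conf() {
    conf=$1 owner=${2:-root} bad=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    while read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f        # split into words, no globbing
        [ "${1:-}" = permit ] || continue   # skip comments, blanks, deny
        target=
        while [ $# -gt 1 ]; do
            if [ "$1" = cmd ]; then target=$2; break; fi
            shift
        done
        [ -n "$target" ] || continue        # no cmd restriction: not checked here
        case $target in
        /*) ;;
        *)  echo "RELATIVE $target"; bad=1; continue ;;
        esac
        if [ ! -e "$target" ]; then
            echo "MISSING $target"; bad=1; continue
        fi
        # -H: judge the file a symlink points at, not the link itself
        [ -n "$(find -H "$target" -prune -user "$owner")" ] ||
            { echo "OWNER $target"; bad=1; }
        [ -z "$(find -H "$target" -prune \( -perm -020 -o -perm -002 \))" ] ||
            { echo "WRITABLE $target"; bad=1; }
    done < "$conf"
    return "$bad"
}

# Constructed demo: temp scripts stand in for VM launcher scripts, and OWNER
# is the current uid so the demo runs without privileges.
demo() {
    d=$(mktemp -d) || return 2
    printf '#!/bin/sh\n' > "$d/vm-ok.sh";   chmod 755 "$d/vm-ok.sh"
    printf '#!/bin/sh\n' > "$d/vm-open.sh"; chmod 777 "$d/vm-open.sh"
    cat > "$d/doas.conf" <<EOF
# constructed sample rules
permit nopass alice as root cmd $d/vm-ok.sh
permit nopass alice as root cmd $d/vm-open.sh
permit nopass alice as root cmd $d/vm-gone.sh
permit nopass alice cmd vm-launch
EOF
    audit_doas_conf "$d/doas.conf" "$(id -u)" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}
if [ "${1:-}" = demo ]; then demo; elif [ $# -gt 0 ]; then audit_doas_conf "$@"; fi
```

Run it as "sh audit.sh demo" for the constructed rules, or "sh audit.sh /usr/local/etc/doas.conf" against a real file. It does not check the directories leading to each target, which need the same ownership and permissions.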