Re: bhyve(load) does not start in jail on -CURRENT

In reply to: Mark Johnston : "Re: bhyve(load) does not start in jail on -CURRENT"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Roman Bogorodskiy <novel_at_freebsd.org>
Date: Sat, 28 Mar 2026 09:22:00 UTC

  Mark Johnston wrote:

> On Fri, Mar 27, 2026 at 06:35:16PM +0100, Roman Bogorodskiy wrote:
> > Hi,
> > 
> > I'm using jails to run some tests with bhyve and this setup works for me
> > with 15.0-RELEASE, but does not with 16.0-CURRENT.
> > 
> > The setup is as follows:
> > 
> > jail.conf:
> > 
> > testrunnergit {
> >   enforce_statfs = 2;
> >   devfs_ruleset = 44;
> >   exec.clean;
> >   exec.consolelog = /var/log/bastille/testrunnergit_console.log;
> >   exec.start = '/bin/sh /etc/rc';
> >   exec.stop = '/bin/sh /etc/rc.shutdown';
> >   host.hostname = testrunnergit;
> >   mount.devfs;
> >   mount.fstab = /usr/local/bastille/jails/testrunnergit/fstab;
> >   path = /usr/local/bastille/jails/testrunnergit/root;
> >   osrelease = 16.0-CURRENT;
> > 
> >   vnet;
> >   vnet.interface = e0b_bastille1;
> >   exec.prestart += "jib addm bastille1 vtnet0";
> >   exec.prestart += "ifconfig e0a_bastille1 description \"vnet0 host interface for Bastille jail testrunnergit\"";
> >   exec.poststop += "ifconfig e0a_bastille1 destroy";
> >   allow.chflags = 1;
> >   allow.raw_sockets = 1;
> >   allow.vmm = 1;
> >   allow.mount;
> >   allow.mount.devfs;
> >   allow.mount.fdescfs;
> >   allow.mount.procfs;
> >   mount.fdescfs;
> >   mount.procfs;
> > }
> > 
> > When I try to run bhyveload:
> > 
> > root@testrunnergit:~ # bhyveload -m 1024 -d /var/cache/libvirt-tck/os-x86_64-hvm/disk-freebsd-11.1.img tck32424
> > bhyveload: vm_create: Operation not permitted (An unprivileged user must run VMs in monitor mode)
> > root@testrunnergit:~ #
> > 
> > root@freebsd16-current:~ # jls -j testrunnergit allow.vmm
> > true
> > root@freebsd16-current:~ # devfs -m /usr/local/bastille/jails/testrunnergit/root/dev rule show
> > 100 include 4
> > 200 path vmmctl unhide
> > 300 path vmm unhide
> > 400 path vmm/* unhide
> > 500 path tap* unhide
> > 600 path mem unhide
> > 700 path kmem unhide
> > 800 path nmdm* unhide
> > 900 path pci unhide
> > 1000 path io unhide
> > 1100 path pf unhide
> > root@freebsd16-current:~ #
> > 
> > Am I missing anything?
> 
> I think this is a regression.  Could you please try the patch here?
> https://reviews.freebsd.org/D56119

Yes, this patch fixes it for me.

Thanks,
Roman