BHyVe as non root
Andrea Brancatelli
abrancatelli at schema31.it
Fri Jan 17 08:47:29 UTC 2014
Thank you, you've been very clear.
Let me know if I can help anyhow with future testings on this item - that's
the only thing I can do to help :-)
On Thu, Jan 16, 2014 at 10:21 PM, Peter Grehan <grehan at freebsd.org> wrote:
> Hi Andrea,
>
> do you see any particolar problem (devices who need to have the owner
>> changed, limitations of any kind...?) in running BHyVe as non-root?
>>
>
> There's 2 issues - firstly, bhyve is new and hasn't had a lot of
> exposure. It's probably safest to restrict it to root for a while to avoid
> exposing non-root users to unforeseen security issues.
>
> Secondly, the current implementation doesn't tie all resource usage to a
> process. The split of bhyveload/bhyve allows VM memory to be tied to a
> memory object associated with the VM. This complicates the tracking system
> memory usage, which is usually done on a process basis. The fix for this,
> in progress, is to use a single process for a VM, and avoid a separate
> loading process.
>
> The goal is to allow non-root usage, but there's still a ways to go for
> that.
>
> later,
>
> Peter.
>
--
*Andrea BrancatelliSchema 31 S.r.l. - Socio UnicoResponsabile ITROMA -
FIRENZE - PALERMO ITALYTel: +39. 06.98.358.472*
*Cell: +39 331.2488468Fax: +39. 055.71.880.466Società del Gruppo SC31
ITALIA*
More information about the freebsd-virtualization
mailing list