vmm: Enable unprivileged bhyve

- Add the vmm group.
- Let /dev/vmmctl belong to the vmm group by default, and give group
  write permissions.
- When creating a VM's device files, make them owned by the creating
  process' effective UID.

Reviewed by:	bnovkov
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54741
This commit is contained in:
Mark Johnston
2026-02-19 14:38:46 +00:00
parent d4c05edd41
commit af099eaa5e
3 changed files with 7 additions and 5 deletions
+1
View File
@@ -34,5 +34,6 @@ ntpd:*:123:
_ypldap:*:160:
hast:*:845:
tests:*:977:
vmm:*:978:
nogroup:*:65533:
nobody:*:65534:
+5 -5
View File
@@ -1033,8 +1033,8 @@ vmmdev_create(const char *name, uint32_t flags, struct ucred *cred)
make_dev_args_init(&mda);
mda.mda_devsw = &vmmdevsw;
mda.mda_cr = sc->ucred;
mda.mda_uid = UID_ROOT;
mda.mda_gid = GID_WHEEL;
mda.mda_uid = cred->cr_uid;
mda.mda_gid = GID_VMM;
mda.mda_mode = 0600;
mda.mda_si_drv1 = sc;
mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
@@ -1201,7 +1201,7 @@ vmmdev_init(void)
sx_xlock(&vmmdev_mtx);
error = make_dev_p(MAKEDEV_CHECKNAME, &vmmctl_cdev, &vmmctlsw, NULL,
UID_ROOT, GID_WHEEL, 0600, "vmmctl");
UID_ROOT, GID_VMM, 0660, "vmmctl");
if (error == 0) {
pr_allow_vmm_flag = prison_add_allow(NULL, "vmm", NULL,
"Allow use of vmm in a jail");
@@ -1357,8 +1357,8 @@ devmem_create_cdev(struct vmmdev_softc *sc, int segid, char *devname)
make_dev_args_init(&mda);
mda.mda_devsw = &devmemsw;
mda.mda_cr = sc->ucred;
mda.mda_uid = UID_ROOT;
mda.mda_gid = GID_WHEEL;
mda.mda_uid = sc->ucred->cr_uid;
mda.mda_gid = GID_VMM;
mda.mda_mode = 0600;
mda.mda_si_drv1 = dsc;
mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
+1
View File
@@ -160,6 +160,7 @@ typedef int dumper_hdr_t(struct dumperinfo *di, struct kerneldumpheader *kdh);
#define GID_ID_PRIO 48
#define GID_DIALER 68
#define GID_U2F 116
#define GID_VMM 978
#define GID_NOGROUP 65533
#define GID_NOBODY 65534