Current-Users archive


Re: heads-up: planned changes in nvmm



All true; I've already changed nvmmctl permissions, reverted /dev/nvmm
to 640 and saw that 'identify' works as a normal user.

However the need to change the permission of the tap device remains
(and for the disk, but that is obvious).

On Tue, 29 Oct 2019 at 08:22, Maxime Villard <max%m00nbsd.net@localhost> wrote:
>
> First of all, you should not change the permissions of /dev/nvmm. It should
> remain 640 root:nvmm.
>
> Then:
>
> (1) How did you launch qemu-nvmm before I added the "nvmm" group? You
> were launching it as root, right? Overall you should not launch a program
> like Qemu as root, that's precisely why I added the "nvmm" group. It does
> imply, now, that the privileged files you were opening in /dev/ need
> special permissions, that you must change manually. (Unless you keep using
> qemu-nvmm as root, but as I said, I wouldn't recommend that...)
>
> (2) Regarding nvmmctl, I forgot to include the 2555 root:nvmm permissions,
> my bad, it should be fixed now. You can launch "nvmmctl identify" as a
> normal user, but "nvmmctl list" must be launched as root, that's intentional.
> (Note: I still hesitate a bit about the latter, maybe it should be usable
> from unpriv? Being able to see what VM a process uses looks like snooping
> a little bit.)
>
>
>
> Le 29/10/2019 à 00:20, Chavdar Ivanov a écrit :
> > And on top of this if one wants a member of nvmm group to be able to
> > run nvmmctl, then /dev/nvmm must be 660 ...
> >
> > On Mon, 28 Oct 2019 at 23:13, Chavdar Ivanov <ci4ic4%gmail.com@localhost> wrote:
> >>
> >> And then one has to change the permissions of the tap device and the
> >> disk in use, e.g.
> >> ...
> >> chown root:nvmm /dev/tap3
> >> chmod 660 /dev/tap3
> >> chown root:nvmm /dev/zvol/rdsk/pail/openbsd
> >> chmod 660 /dev/zvol/rdsk/pail/openbsd
> >> ...
> >>
> >> On Mon, 28 Oct 2019 at 22:54, Chavdar Ivanov <ci4ic4%gmail.com@localhost> wrote:
> >>>
> >>> Thanks! Sorted.
> >>>
> >>> On Mon, 28 Oct 2019 at 21:04, J. Lewis Muir <jlmuir%imca-cat.org@localhost> wrote:
> >>>>
> >>>> On 10/28, Chavdar Ivanov wrote:
> >>>>> After the above message I rebuilt the system and got eventually
> >>>>> nvmmctl, which worked. I couldn't start any VM, though, so I proceeded
> >>>>> to rebuild wip/qemu-nvmm, although there were no changes since my
> >>>>> previous build. This time it worked; I also recreated /dev/nvmm (the
> >>>>> protection changed from 600 to 640). I haven't yet added a nvmm group
> >>>>> member; is there any specific group ID nvmm should be? (I think I
> >>>>> missed the query about the merge of /etc/group during the system
> >>>>> upgrade.)
> >>>>
> >>>> See Maxime's post to tech-kern:
> >>>>
> >>>>    https://mail-index.netbsd.org/tech-kern/2019/10/25/msg025623.html
> >>>>
> >>>> Lewis



-- 
----
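
A permission audit for the layout discussed in this thread (/dev/nvmm at 640 root:nvmm, nvmmctl at 2555 root:nvmm, tap and disk nodes at 660 root:nvmm), as an added example that is not part of any message above. The function names `check_node` and `audit_nvmm` are hypothetical, nvmmctl is located through `PATH` rather than a fixed path, and the 660 root:nvmm expectation for backend nodes is taken from the chown/chmod commands quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Symbolic modes as printed by ls -l:
#   640 = rw-r-----   660 = rw-rw----   2555 = r-xr-sr-x

# check_node PATH WANT_PERM WANT_OWNER WANT_GROUP
# Returns 0 on a match, 1 on a mismatch, 2 when PATH does not exist.
check_node() {
    node_path=$1 want_perm=$2 want_owner=$3 want_group=$4
    if [ ! -e "$node_path" ]; then
        echo "MISSING $node_path"
        return 2
    fi
    # ls -ldL prints "<type+mode> <links> <owner> <group> ..."; -L follows a
    # symlink so the node it points to is the one inspected.
    line=$(ls -ldL "$node_path") || return 2
    read -r mode links owner group rest <<EOF
$line
EOF
    # Drop the file-type character and keep the nine permission characters
    # (this also discards a trailing ACL marker such as "+" or ".").
    perm=$(printf '%s' "$mode" | cut -c2-10)
    if [ "$perm" = "$want_perm" ] && [ "$owner" = "$want_owner" ] &&
       [ "$group" = "$want_group" ]; then
        echo "OK      $node_path ($perm $owner:$group)"
        return 0
    fi
    echo "DIFF    $node_path: have $perm $owner:$group," \
         "want $want_perm $want_owner:$want_group"
    return 1
}

# audit_nvmm [BACKEND_NODE...]
# Checks /dev/nvmm, the nvmmctl binary found in PATH (skipped if absent), and
# every tap or disk node passed as an argument. Returns 1 if anything differs.
# Usage: audit_nvmm /dev/tap3 /dev/zvol/rdsk/pail/openbsd
audit_nvmm() {
    rc=0
    check_node /dev/nvmm rw-r----- root nvmm || rc=1
    ctl=$(command -v nvmmctl) && { check_node "$ctl" r-xr-sr-x root nvmm || rc=1; }
    for node in "$@"; do
        check_node "$node" rw-rw---- root nvmm || rc=1
    done
    return $rc
}
```

A `DIFF` line on /dev/nvmm showing `rw-rw----` would flag the 660 setting that the thread advises against.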

