Re: heads-up: planned changes in nvmm

To: Chavdar Ivanov <ci4ic4%gmail.com@localhost>, "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Subject: Re: heads-up: planned changes in nvmm
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Tue, 29 Oct 2019 09:22:24 +0100

First of all, you should not change the permissions of /dev/nvmm. It should
remain 640 root:nvmm.

Then:

(1) How did you launch qemu-nvmm before I added the "nvmm" group? You
were launching it as root, right? Overall you should not launch a program
like Qemu as root, that's precisely why I added the "nvmm" group. It does
imply, now, that the privileged files you were opening in /dev/ need
special permissions, that you must change manually. (Unless you keep using
qemu-nvmm as root, but as I said, I wouldn't recommend that...)

(2) Regarding nvmmctl, I forgot to include the 2555 root:nvmm permissions,
my bad, it should be fixed now. You can launch "nvmmctl identify" as a
normal user, but "nvmmctl list" must be launched as root, that intentional.
(Note: I still hesitate a bit about the latter, maybe it should be usable
from unpriv? Being able to see what VM a process uses looks like snooping
a little bit.)



Le 29/10/2019 à 00:20, Chavdar Ivanov a écrit :

And on top of this if one wants a member of nvmm group to be able to
run nvmmctl, then /dev/nvmm must be 660 ...

On Mon, 28 Oct 2019 at 23:13, Chavdar Ivanov <ci4ic4%gmail.com@localhost> wrote:


And then one has to change the permissions of the tap device and the
disk in use, e,g,
...
chown root:nvmm /dev/tap3
chmod 660 /dev/tap3
chown root:nvmm /dev/zvol/rdsk/pail/openbsd
chmod 660 /dev/zvol/rdsk/pail/openbsd
...

On Mon, 28 Oct 2019 at 22:54, Chavdar Ivanov <ci4ic4%gmail.com@localhost> wrote:


Thanks! Sorted.

On Mon, 28 Oct 2019 at 21:04, J. Lewis Muir <jlmuir%imca-cat.org@localhost> wrote:


On 10/28, Chavdar Ivanov wrote:

After the above message I rebuilt the system and got eventually
nvmmctl, which worked. I couldn't start any VM, though, so I proceeded
to rebuild wip/qemu-nvmm, although there were no changes since my
previous build. This time it worked; I also recreated /dev/nvmm (the
protection changed from 600 to 640). I haven't yet added a nvmm group
member; is there any specific group ID nvmm should be? ( I think I
missed the query about the merge of /etc/group during the system
upgrade. )


See Maxime's post to tech-kern:

   https://mail-index.netbsd.org/tech-kern/2019/10/25/msg025623.html

Lewis

Follow-Ups:
- Re: heads-up: planned changes in nvmm
  - From: Chavdar Ivanov

References:
- heads-up: planned changes in nvmm
  - From: Maxime Villard
- Re: heads-up: planned changes in nvmm
  - From: Maxime Villard
- Re: heads-up: planned changes in nvmm
  - From: Chavdar Ivanov
- Re: heads-up: planned changes in nvmm
  - From: J. Lewis Muir
- Re: heads-up: planned changes in nvmm
  - From: Chavdar Ivanov
- Re: heads-up: planned changes in nvmm
  - From: Chavdar Ivanov
- Re: heads-up: planned changes in nvmm
  - From: Chavdar Ivanov

Prev by Date: daily CVS update output
Next by Date: Re: heads-up: planned changes in nvmm
Previous by Thread: Re: heads-up: planned changes in nvmm
Next by Thread: Re: heads-up: planned changes in nvmm
Indexes:

Home | Main Index | Thread Index | Old Index