Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: heads-up: planned changes in nvmm

First of all, you should not change the permissions of /dev/nvmm. It should
remain 640 root:nvmm.


(1) How did you launch qemu-nvmm before I added the "nvmm" group? You
were launching it as root, right? Overall you should not launch a program
like Qemu as root, that's precisely why I added the "nvmm" group. It does
imply, now, that the privileged files you were opening in /dev/ need
special permissions, that you must change manually. (Unless you keep using
qemu-nvmm as root, but as I said, I wouldn't recommend that...)

(2) Regarding nvmmctl, I forgot to include the 2555 root:nvmm permissions,
my bad, it should be fixed now. You can launch "nvmmctl identify" as a
normal user, but "nvmmctl list" must be launched as root, that intentional.
(Note: I still hesitate a bit about the latter, maybe it should be usable
from unpriv? Being able to see what VM a process uses looks like snooping
a little bit.)

Le 29/10/2019 à 00:20, Chavdar Ivanov a écrit :
And on top of this if one wants a member of nvmm group to be able to
run nvmmctl, then /dev/nvmm must be 660 ...

On Mon, 28 Oct 2019 at 23:13, Chavdar Ivanov <> wrote:

And then one has to change the permissions of the tap device and the
disk in use, e,g,
chown root:nvmm /dev/tap3
chmod 660 /dev/tap3
chown root:nvmm /dev/zvol/rdsk/pail/openbsd
chmod 660 /dev/zvol/rdsk/pail/openbsd

On Mon, 28 Oct 2019 at 22:54, Chavdar Ivanov <> wrote:

Thanks! Sorted.

On Mon, 28 Oct 2019 at 21:04, J. Lewis Muir <> wrote:

On 10/28, Chavdar Ivanov wrote:
After the above message I rebuilt the system and got eventually
nvmmctl, which worked. I couldn't start any VM, though, so I proceeded
to rebuild wip/qemu-nvmm, although there were no changes since my
previous build. This time it worked; I also recreated /dev/nvmm (the
protection changed from 600 to 640). I haven't yet added a nvmm group
member; is there any specific group ID nvmm should be? ( I think I
missed the query about the merge of /etc/group during the system
upgrade. )

See Maxime's post to tech-kern:


Home | Main Index | Thread Index | Old Index