Re: vmd: owner feature and vms started as root

Fri, 01 Dec 2017 14:34:00 -0800 

On Thu, Nov 30, 2017 at 01:31:49AM +0100, Sebastian Benoit wrote:
> Hi,
>
> i have a vm defined in vm.conf like this:
>
> vm "b1" {
>         disable
>         memory 1G
>         owner benoit
>   ...
>
> I start the vm:
>
> [root@blap:/etc]# vmctl start b1
> vmctl: started vm 1 successfully, tty /dev/ttyp6
>
> but i'm still root, because i was just editing vm.conf.
> So i exit and want to get the console:
>
>
> [root@blap:/etc]# exit
> [benoit@blap:/usr/src/usr.sbin/vmd]$ vmctl console b1
> cu: open("/dev/ttyp6"): Permission denied
>
> Mike tells me thats normal behaiviour. I think its not very obious,
> the owner option should be followed, even ifroot starts it.

I hit this recently as well. Here is a diff to make it always start vms
as "owner":

Index: vmd.c
===================================================================
RCS file: /cvs/src/usr.sbin/vmd/vmd.c,v
retrieving revision 1.75
diff -u -p -r1.75 vmd.c
--- vmd.c       30 Nov 2017 01:28:27 -0000      1.75
+++ vmd.c       1 Dec 2017 19:28:10 -0000
@@ -102,7 +102,7 @@ vmd_dispatch_control(int fd, struct priv
                        cmd = IMSG_VMDOP_START_VM_RESPONSE;
                }
                if (res == 0 &&
-                   config_setvm(ps, vm, imsg->hdr.peerid, vmc.vmc_uid) == -1) {
+                   config_setvm(ps, vm, imsg->hdr.peerid, 
vm->vm_params.vmc_uid) == -1) {
                        res = errno;
                        cmd = IMSG_VMDOP_START_VM_RESPONSE;
                }
@@ -840,7 +840,7 @@ vmd_configure(void)
                            vm->vm_params.vmc_params.vcp_name);
                        continue;
                }
-               if (config_setvm(&env->vmd_ps, vm, -1, 0) == -1)
+               if (config_setvm(&env->vmd_ps, vm, -1, vm->vm_params.vmc_uid) 
== -1)
                        return (-1);
        }

@@ -918,7 +918,7 @@ vmd_reload(unsigned int reset, const cha
                                            vm->vm_params.vmc_params.vcp_name);
                                        continue;
                                }
-                               if (config_setvm(&env->vmd_ps, vm, -1, 0) == -1)
+                               if (config_setvm(&env->vmd_ps, vm, -1, 
vm->vm_params.vmc_uid) == -1)
                                        return (-1);
                        } else {
                                log_debug("%s: not creating vm \"%s\": "

There is another config_setvm call that is being passed 0, but that one
is for receiving vms. According to pd@ there is a bug that requires the
uid to be 0 for now.

OK?

>
> /B.
>

--
PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A  4AF0 1F81 112D 62A9 ADCE

Reply via email to