On Thu, Dec 12, 2019 at 03:03:19PM +0100, Denis Fondras wrote:
> Perhaps vm.conf(5) manual should tell that root:wheel is the default.
For `socket owner' vm.conf(5) already says that, but for actual VMs this
only works outside of templates, ie. the following does not work:
# cat /etc/vm.conf
vm "generic" {
disable
disk "/dev/null"
owner ":wheel"
allow instance {
boot,
disk,
cdrom,
interface,
memory
}
}
# rcctl restart vmd
vmd(ok)
vmd(ok)
# vmctl status
ID PID VCPUS MAXMEM CURMEM TTY OWNER STATE NAME
1 - 1 512M - - :wheel stopped generic
# su -l kn
$ groups
kn wheel wsrc auth wobj
$ vmctl start
$ vmctl start -t generic -b ~/bsd.rd -c test
vmctl: start vm command failed: Operation not permitted
According to documentation, this should work; if at all, I'd like to
amend the manual page when fixing this.
Note that with `owner "kn"' instead, above example does work.
