Differential D33169

vmm: Permit writes to hw.vmm.destroy in capability mode
AcceptedPublic
Actions

Authored by markj on Nov 29 2021, 9:19 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Jan 14 2024, 2:21 PM

	Unknown Object (File)
	Jan 5 2024, 2:58 AM

	Unknown Object (File)
	Oct 4 2023, 6:15 AM

	Unknown Object (File)
	Aug 16 2023, 8:30 AM

	Unknown Object (File)
	May 2 2023, 7:53 PM

Subscribers

Details

Reviewers

rew
jhb

Group Reviewers

Summary

bhyve(8) sports the -D flag, which causes it to destroy the VM context
before exiting. The only interface currently available to do this is a
sysctl, which doesn't work since bhyve(8) runs in capability mode, so -D
is just broken.

I think the right solution is to move to a fd-based interface for
creating and destroying VM contexts, but in the meantime it seems
reasonable to poke a hole in the sandbox to unbreak the option. A
casper service just to destroy the VM is a bit silly.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 43029
Build 39917: arc lint + arc unit

Event Timeline

markj created this revision.Nov 29 2021, 9:19 PM

Herald added a reviewer: bhyve. · View Herald TranscriptNov 29 2021, 9:19 PM

Herald added subscribers: bcran, rgrimes, imp. · View Herald Transcript

markj requested review of this revision.Nov 29 2021, 9:19 PM

Harbormaster completed remote builds in B43029: Diff 99177.Nov 29 2021, 9:19 PM

rew accepted this revision as: rew.Nov 29 2021, 9:33 PM

This revision is now accepted and ready to land.Nov 29 2021, 9:33 PM

jhb accepted this revision.Nov 30 2021, 6:35 PM

Revision Contents
Changeset List

Path

Size

sys/

amd64/

vmm/

3 lines

Diff 99177

sys/amd64/vmm/vmm_dev.c

Loading...