vmm: Restore the ability to create VMs as root in a jail
ClosedPublic
Actions

Authored by markj on Mar 28 2026, 8:40 AM.

Details

Reviewers

Commits

rGf3c772361f3b: vmm: Restore the ability to create VMs as root in a jail

Summary

The new PRIV_VMM_CREATE and DESTROY permissions should be allowed by
jails, so need to be added to the list in prison_priv_check(). Then,
modify vmmdev_create() to verify that the jail was created with the
allow.vmm flag.

Rename vmm_priv_check() to vmm_jail_priv_check() to make the function's
purpose more clear.

Reported by: novel
Fixes: d4c05edd410e ("vmm: Add privilege checks to vmmctl operations")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Mar 28 2026, 8:40 AM

Herald added subscribers: olce, imp. · View Herald TranscriptMar 28 2026, 8:40 AM

markj requested review of this revision.Mar 28 2026, 8:40 AM

Harbormaster completed remote builds in B71760: Diff 174423.Mar 28 2026, 8:40 AM

novel added a subscriber: novel.Mar 28 2026, 9:44 AM

bnovkov accepted this revision.Tue, Mar 31, 8:23 PM

This revision is now accepted and ready to land.Tue, Mar 31, 8:23 PM

Closed by commit rGf3c772361f3b: vmm: Restore the ability to create VMs as root in a jail (authored by markj). · Explain WhyWed, Apr 1, 11:17 AM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGf3c772361f3b: vmm: Restore the ability to create VMs as root in a jail.

Revision Contents
Changeset List

Path

Size

sys/

dev/

vmm/

vmm_dev.c

16 lines

kern/

kern_jail.c

8 lines

Diff 174729

View Options

sys/dev/vmm/vmm_dev.c