D54742.diff

diff --git a/share/man/man4/vmm.4 b/share/man/man4/vmm.4
--- a/share/man/man4/vmm.4
+++ b/share/man/man4/vmm.4
@@ -59,6 +59,29 @@
.Pp
PCI device passthrough to a virtual machine requires
hardware with VT-d support and is available only on amd64.
+.Sh ACCESS CONTROL
+Only the super-user and processes with write access to the
+.Pa /dev/vmmctl
+device file may create and destroy virtual machines.
+By default, members of the
+.Va vmm
+group have such access.
+Once created, a virtual machine may be destroyed only by that user or
+the super-user.
+.Pp
+Unprivileged users must use
+.Dq monitor mode
+to run the virtual machine; in this mode, the virtual machine is automatically
+destroyed when its device file is closed.
+When running
+.Xr bhyve 8 ,
+this mode can be selected by specifying the
+.Fl M
+flag.
+.Pp
+Virtual machines can be created in a jail if the jail has the
+.Va allow.vmm
+flag set.
.Sh PCI PASSTHROUGH
On amd64 where the hardware supports VT-d,
PCI devices can be reserved for use by the hypervisor.
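Review bot: In the first ACCESS CONTROL paragraph, "may be destroyed only by that user or the super-user" has no antecedent for "that user"; the preceding sentences refer to processes with write access to /dev/vmmctl and to members of the vmm group, not to a single user. Suggest "may be destroyed only by the user that created it or by the super-user". The second paragraph says unprivileged users "must use" monitor mode but does not say what happens if -M is omitted; one clause stating that VM creation fails in that case would make the restriction checkable by the reader.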
@@ -99,6 +122,12 @@
and
.Va pptdevs3
variables can be used for additional entries.
+.Pp
+In general, PCI passthrough cannot be used when running
+.Xr bhyve 8
+as an unprivileged user or in a jail, as this feature requires write
+access to
+.Pa /dev/pci .
.Sh LOADER TUNABLES
Tunables can be set at the
.Xr loader 8
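Review bot: "In general" at the start of the added PCI passthrough paragraph implies an exception without naming it. Either drop the qualifier or state the condition under which it does work (the visible text suggests it is write access to /dev/pci being granted). The bhyve.8 part of this same patch says flatly "PCI passthrough cannot be used by unprivileged users", so the two pages should be worded to agree.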
@@ -109,6 +138,14 @@
Maximum number of virtual CPUs.
The default is the number of physical CPUs in the system.
.El
+.Sh FILES
+.Bl -tag -width /dev/vmmctl -compact
+.It Pa /dev/vmmctl
+control interface for creating and destroying virtual machines.
+.It Pa /dev/vmm/*
+device interface for individual virtual machines.
+.It Pa /dev/vmm.io/*
+device interface for device memory mapped into virtual machines.
.Sh EXAMPLES
Reserve three PCI devices for use by the hypervisor: bus 10 slot 0 function 0,
bus 6 slot 5 function 0, and bus 6 slot 5 function 1.
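Review bot: The new FILES section opens a list with ".Bl -tag -width /dev/vmmctl -compact" but no ".El" is added before ".Sh EXAMPLES", so the list is left unterminated; add ".El" after the /dev/vmm.io/* entry. The -width argument is also shorter than the longest tag ("/dev/vmm.io/*"), so using that tag as the width would keep the descriptions aligned.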
@@ -143,8 +180,10 @@
.Xr bhyve 4 ,
.Xr loader.conf 5 ,
.Xr bhyve 8 ,
+.Xr bhyvectl 8 ,
.Xr bhyveload 8 ,
.Xr devctl 8 ,
+.Xr jail 8 ,
.Xr kldload 8
.Sh HISTORY
.Nm vmm.ko
diff --git a/usr.sbin/bhyve/bhyve.8 b/usr.sbin/bhyve/bhyve.8
--- a/usr.sbin/bhyve/bhyve.8
+++ b/usr.sbin/bhyve/bhyve.8
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd January 5, 2026
+.Dd January 23, 2026
.Dt BHYVE 8
.Os
.Sh NAME
@@ -117,8 +117,23 @@
package provides a U-Boot image that can be used to boot the guest.
.Pp
.Nm
-runs until the guest operating system reboots or an unhandled hypervisor
-exit is detected.
+runs until the guest operating system reboots (if
+.Ql monitor
+mode is not enabled) or halts, or an unhandled hypervisor exit is
+detected.
+.Pp
+Generally
+.Nm
+must be run by the super-user, but users belonging to the
+.Va vmm
+group can create and run virtual machines as well.
+See
+.Xr vmm 4 .
+When run by an unprivileged user,
+.Nm
+must have access to any required resources such as disk images or
+network devices.
+PCI passthrough cannot be used by unprivileged users.
.Sh OPTIONS
.Bl -tag -width 10n
.It Fl a
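Review bot: The new paragraph says users in the vmm group "can create and run virtual machines as well" but does not mention that, per the vmm.4 text in this patch, unprivileged users must select monitor mode with -M. A reader of bhyve.8 alone will not learn that; suggest adding a sentence that names the -M flag here rather than relying on the "See vmm 4" reference. The first paragraph also marks the mode up as ".Ql monitor" while vmm.4 uses ".Dq monitor mode"; pick one form, and say what bhyve does on guest reboot when monitor mode is enabled, since the parenthetical only says what happens when it is not.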
@@ -605,8 +620,8 @@
The
.Cm slirp
backend can be used to provide a NATed network to the guest.
-This backend has poor performance but does not require any network
-configuration on the host system.
+This backend has limited performance but does not require any network
+configuration on the host system and can be used by unprivileged users.
It depends on the
.Pa net/libslirp
port.
