Diffusion FreeBSD src repository d4c05edd410e

vmm: Add privilege checks to vmmctl operations
d4c05edd410e
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

vmm: Add privilege checks to vmmctl operations

In preparation for supporting creation of VMs by unprivileged users, add
some restrictions:

Disallow creation of non-transient VMs by unprivileged users. That is, if an unprivileged user creates a VM, the VM must be destroyed automatically once the last fd referencing it is gone.
Disallow destroying VMs created by a different user, unless the caller has the PRIV_VMM_DESTROY privilege.

Reviewed by: bnovkov
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54740

Details

Provenance

Authored on Feb 19 2026, 2:38 PM

Reviewer

Differential Revision

D54740: vmm: Add privilege checks to vmmctl operations

Parents

rGdcbd1fccdc66: types.h: use central definition of offsetof()

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rGd4c05edd410e: vmm: Add privilege checks to vmmctl operations (authored by markj).Feb 19 2026, 5:16 PM

markj added an edge: D54740: vmm: Add privilege checks to vmmctl operations.

markj mentioned this in D56119: vmm: Restore the ability to create VMs as root in a jail.Sat, Mar 28, 8:40 AM

markj mentioned this in rGf3c772361f3b: vmm: Restore the ability to create VMs as root in a jail.Wed, Apr 1, 11:16 AM

Changes (2)

Path

Size

sys/

dev/

vmm/

sys/

rGd4c05edd410e

sys/dev/vmm/vmm_dev.c

Loading...

sys/sys/priv.h

Loading...