All true; I've already changed nvmmctl permissions, reverted /dev/nvmm to 640 and saw that 'identify' works as a normal user.
However the need to change the permission of the tap device remains (and for the disk, but that is obvious).

On Tue, 29 Oct 2019 at 08:22, Maxime Villard <m...@m00nbsd.net> wrote:
>
> First of all, you should not change the permissions of /dev/nvmm. It should
> remain 640 root:nvmm.
>
> Then:
>
> (1) How did you launch qemu-nvmm before I added the "nvmm" group? You
> were launching it as root, right? Overall you should not launch a program
> like Qemu as root, that's precisely why I added the "nvmm" group. It does
> imply, now, that the privileged files you were opening in /dev/ need
> special permissions, that you must change manually. (Unless you keep using
> qemu-nvmm as root, but as I said, I wouldn't recommend that...)
>
> (2) Regarding nvmmctl, I forgot to include the 2555 root:nvmm permissions,
> my bad, it should be fixed now. You can launch "nvmmctl identify" as a
> normal user, but "nvmmctl list" must be launched as root, that's intentional.
> (Note: I still hesitate a bit about the latter, maybe it should be usable
> from unpriv? Being able to see what VM a process uses looks like snooping
> a little bit.)
>
>
>
> On 29/10/2019 at 00:20, Chavdar Ivanov wrote:
> > And on top of this if one wants a member of nvmm group to be able to
> > run nvmmctl, then /dev/nvmm must be 660 ...
> >
> > On Mon, 28 Oct 2019 at 23:13, Chavdar Ivanov <ci4...@gmail.com> wrote:
> >>
> >> And then one has to change the permissions of the tap device and the
> >> disk in use, e.g.
> >> ...
> >> chown root:nvmm /dev/tap3
> >> chmod 660 /dev/tap3
> >> chown root:nvmm /dev/zvol/rdsk/pail/openbsd
> >> chmod 660 /dev/zvol/rdsk/pail/openbsd
> >> ...
> >>
> >> On Mon, 28 Oct 2019 at 22:54, Chavdar Ivanov <ci4...@gmail.com> wrote:
> >>>
> >>> Thanks! Sorted.
> >>>
> >>> On Mon, 28 Oct 2019 at 21:04, J. Lewis Muir <jlm...@imca-cat.org> wrote:
> >>>>
> >>>> On 10/28, Chavdar Ivanov wrote:
> >>>>> After the above message I rebuilt the system and got eventually
> >>>>> nvmmctl, which worked. I couldn't start any VM, though, so I proceeded
> >>>>> to rebuild wip/qemu-nvmm, although there were no changes since my
> >>>>> previous build. This time it worked; I also recreated /dev/nvmm (the
> >>>>> protection changed from 600 to 640). I haven't yet added a nvmm group
> >>>>> member; is there any specific group ID nvmm should be? (I think I
> >>>>> missed the query about the merge of /etc/group during the system
> >>>>> upgrade.)
> >>>>
> >>>> See Maxime's post to tech-kern:
> >>>>
> >>>> https://mail-index.netbsd.org/tech-kern/2019/10/25/msg025623.html
> >>>>
> >>>> Lewis
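
An added example, not part of the thread and not NetBSD's own tooling: a POSIX sh audit that compares the nodes named in the messages above against the owner, group and mode stated there (640 and 2555 from Maxime's reply, 660 from the chown/chmod commands). The function names and the `/usr/sbin/nvmmctl` path are assumptions; the tap and zvol paths are the thread's own examples and will differ per host.

```shell
#!/bin/sh
# Added example: audit owner, group and mode of the nodes discussed in the thread.

triad() {  # one octal digit -> rwx triple
    case $1 in
        0) echo ---;; 1) echo --x;; 2) echo -w-;; 3) echo -wx;;
        4) echo r--;; 5) echo r-x;; 6) echo rw-;; 7) echo rwx;;
    esac
}

mode_string() {  # 640 -> rw-r-----, 2555 -> r-xr-sr-x (as printed by ls -l)
    m=$1; [ ${#m} -eq 3 ] && m=0$m
    sp=${m%???}; m=${m#?}
    u=$(triad "${m%??}"); g=${m#?}; g=$(triad "${g%?}"); o=$(triad "${m#??}")
    # Fold setuid / setgid / sticky into the execute column, as ls does.
    case $sp in 4|5|6|7) u=$(echo "$u" | sed 's/x$/s/;s/-$/S/');; esac
    case $sp in 2|3|6|7) g=$(echo "$g" | sed 's/x$/s/;s/-$/S/');; esac
    case $sp in 1|3|5|7) o=$(echo "$o" | sed 's/x$/t/;s/-$/T/');; esac
    echo "$u$g$o"
}

check_node() {  # check_node PATH OCTAL_MODE OWNER GROUP -> 0 ok, 1 mismatch, 2 absent
    path=$1
    [ -e "$path" ] || { echo "SKIP     $path (not present)"; return 2; }
    # ls -ldL is parsed because stat(1) flags differ between systems;
    # -L follows a symlink to the device node itself.
    info=$(ls -ldL -- "$path" | awk '{print substr($1,2,9), $3, $4; exit}')
    want="$(mode_string "$2") $3 $4"
    if [ "$info" = "$want" ]; then
        echo "OK       $path ($info)"
    else
        echo "MISMATCH $path: have '$info', want '$want'"; return 1
    fi
}

audit() {  # expected values are the ones stated in the thread
    rc=0
    check_node /dev/nvmm 640 root nvmm || [ $? -eq 2 ] || rc=1
    check_node /usr/sbin/nvmmctl 2555 root nvmm || [ $? -eq 2 ] || rc=1  # path assumed
    check_node /dev/tap3 660 root nvmm || [ $? -eq 2 ] || rc=1
    check_node /dev/zvol/rdsk/pail/openbsd 660 root nvmm || [ $? -eq 2 ] || rc=1
    return $rc
}

# Run as: sh nvmm-perms.sh audit   (the file name is hypothetical)
[ "${1:-}" != audit ] || audit
```

A MISMATCH on `/dev/nvmm` with a group-writable or world-accessible mode is the case Maxime's reply advises against; absent nodes are reported as SKIP and do not fail the audit.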