Hi,

I posted some patches for review which add a new "vmm" group and modify the default ownership and mode of /dev/vmmctl. The result is that regular users that belong to the vmm group will be able to create and run bhyve VMs, albeit with some caveats:

- They must run bhyve in "monitor mode", i.e., with -M, to ensure that the VM is destroyed automatically upon last close.
- PCI passthru cannot be used.
- The user of course needs to be able to access any filesystem resources specified in the bhyve configuration, e.g., disk files or tap devices. Note that the slirp networking backend has recently gotten some improvements and can be used as an unprivileged user.

The /dev/vmm* device files for a particular VM are owned by the user that created the VM, so the same user can inspect and destroy the VM with bhyvectl.

The patch series starts here (follow the linked revisions in the "stack" tab):
https://reviews.freebsd.org/D54739

Any feedback or comments would be appreciated.
