Solved Unable to start bhyve inside a jail

F

Ferocious1881

Trying to run sh /usr/share/examples/bhyve/vmrun.sh -c 1 -m 265M -t epair5b -d disk0.img -i -I alpine-virt-3.20.3-x86_64.iso alpinevm inside a jail gives me the error
Code: 
Launching virtual machine "alpinevm" ...
bhyveload: vm_open: No such file or directory
The config of the Jail is:
Code: 
acme {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_console_${name}.log";

allow.raw_sockets;
allow.vmm;
enforce_statfs = 2;
securelevel = 2;
exec.clean;
mount.devfs;
devfs_ruleset = 25;

path = "/jails/${name}";
host.hostname = "${name}";

$id = "5";
$ip = "192.168.0.${id}/24";
$gateway = "192.168.0.1";
$bridge = "bridge0";
$epair = "epair${id}";

vnet;
vnet.interface = "${epair}b";

exec.prestart  = "/sbin/ifconfig ${epair} create up";
exec.prestart += "/sbin/ifconfig ${epair}a up descr jail:${name}";
exec.prestart += "/sbin/ifconfig ${bridge} addm ${epair}a up";
exec.prestart += "/sbin/ifconfig ${epair}a ether 02:78:86:dd:81:0a";
exec.prestart += "/sbin/ifconfig ${epair}b ether 02:78:86:dd:81:0b";
exec.start    += "/sbin/ifconfig ${epair}b ${ip} up";
exec.start    += "/sbin/route add default ${gateway}";
exec.poststop = "/sbin/ifconfig ${bridge} deletem ${epair}a";
exec.poststop += "/sbin/ifconfig ${epair}a destroy";
}
 
SirDice said:
What does this ruleset look like?
Click to expand...
Code: 
/dev/
├── ttyu2.lock
├── ttyu3
├── ttyu3.init
├── ttyu3.lock
├── ttyv0
├── ttyv1
├── ttyv2
├── ttyv3
├── ttyv4
├── ttyv5
├── ttyv6
├── ttyv7
├── ttyv8
├── ttyv9
├── ttyva
├── ttyvb
├── ufssuspend
├── ugen0.1 -> usb/0.1.0
├── ugen1.1 -> usb/1.1.0
├── ugen1.2 -> usb/1.2.0
├── ugen1.3 -> usb/1.3.0
├── ugen1.4 -> usb/1.4.0
├── ugen1.5 -> usb/1.5.0
├── ugen1.6 -> usb/1.6.0
├── uinput
├── ukbd0
├── ukbd1
├── urandom -> random
├── usb
│   ├── 0.1.0
│   ├── 0.1.1
│   ├── 1.1.0
│   ├── 1.1.1
│   ├── 1.2.0
│   ├── 1.2.1
│   ├── 1.3.0
│   ├── 1.3.1
│   ├── 1.4.0
│   ├── 1.4.1
│   ├── 1.4.2
│   ├── 1.5.0
│   ├── 1.5.1
│   ├── 1.5.2
│   ├── 1.6.0
│   ├── 1.6.1
│   ├── 1.6.2
│   └── 1.6.3
├── usbctl
├── vmm
├── wmistat0
├── wmistat1
├── xpt0
├── zero
└── zfs
 
Ruleset mate, not the contents of /dev/, devfs(8), devfs.rules(5)

Code: 
     devfs_ruleset
             The number of the devfs ruleset that is enforced for mounting
             devfs in this jail.  A value of zero (default) means no ruleset
             is enforced.  Descendant jails inherit the parent jail's devfs
             ruleset enforcement.  Mounting devfs inside a jail is possible
             only if the allow.mount and allow.mount.devfs permissions are
             effective and enforce_statfs is set to a value lower than 2.
             Devfs rules and rulesets cannot be viewed or modified from inside
             a jail.

             NOTE: It is important that only appropriate device nodes in devfs
             be exposed to a jail; access to disk devices in the jail may
             permit processes in the jail to bypass the jail sandboxing by
             modifying files outside of the jail.  See devfs(8) for
             information on how to use devfs rules to limit access to entries
             in the per-jail devfs.  A simple devfs ruleset for jails is
             available as ruleset #4 in /etc/defaults/devfs.rules.
 
i think SirDice means whats in your

Code: 
/etc/devfs.rules

for ruleset 25

like this

Code: 
less /etc/devfs.rules

Code: 
[localrules=5]
add path 'da*' mode 0660 group operator

[jail=7]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'mixer*' unhide
add path 'dsp*' unhide
add path 'dri*' unhide
add path 'drm*' unhide
add path 'nvidia*' unhide
add path 'speaker*' unhide
 
NapoleonWils0n said:
i think SirDice means whats in your

Code: 
/etc/devfs.rules

for ruleset 25

like this

Code: 
less /etc/devfs.rules

Code: 
[localrules=5]
add path 'da*' mode 0660 group operator

[jail=7]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'mixer*' unhide
add path 'dsp*' unhide
add path 'dri*' unhide
add path 'drm*' unhide
add path 'nvidia*' unhide
add path 'speaker*' unhide
Click to expand...
There is no /etc/devfs.rules in my system. There is a /etc/devfs.conf which looks like only comments.
 
SirDice said:
What does this ruleset look like?
Click to expand...
My /etc/devfs.rules, which I created after realizing missing step in tutorial, looks like
Code: 
[devfs_rules_bhyve_jail=25]
#add include $devfsrules_jail something that I don't have idea of what is supposed to mean comes, because is using bastille
add path vmm unhide
add path vmm/* unhide
add path tap* unhide
add path nmdm* unhide
 
Ferocious1881 said:
My /etc/devfs.rules, which I created after realizing missing step in tutorial, looks like
Code: 
[devfs_rules_bhyve_jail=25]
#add include $devfsrules_jail something that I don't have idea of what is supposed to mean comes, because is using bastille
add path vmm unhide
add path vmm/* unhide
add path tap* unhide
add path nmdm* unhide
Click to expand...
Note: This solves the problem
 
You must log in or register to reply here.
Back
Top