bhyve Need help installing/running Debian using bhyve inside jail.

ikevin8me

Member


Messages: 75

I'm trying to boot a Debian disk image and get it running using bhyve within a jail.

When I execute this command (inside the jail):

sh /usr/share/examples/bhyve/vmrun.sh -c 4 -m 4g -I /install/debian-10.6.0-amd64-xfce-CD-1.iso -E -L 192.168.1.180 -P 5901 debian

it causes a "vm_create: Device not configured" error.

I dived deeper into the vmrun.sh file and inserted the following code:

echo "FBSDRUN " ${FBSDRUN}
echo "cpus" ${cpus}
echo "memsize " ${memsize}
echo "bhyverun_opt " ${bhyverun_opt}
echo "gdbport " ${gdbport}
echo "efiargs " ${efiargs}
echo "devargs " ${devargs}
echo "console " ${console}
echo "installer_opt " ${installer_opt}
echo "vmname" ${vmname}

just before:

${FBSDRUN} -c ${cpus} -m ${memsize} ${bhyverun_opt} \
-g ${gdbport} \
-s 0:0,hostbridge \
-s 1:0,lpc \
${efiargs} \
${devargs} \
-l com1,${console} \
${installer_opt} \
${vmname}

The printout is:

FBSDRUN /usr/sbin/bhyve
cpus 4
memsize 4g
bhyverun_opt -H -A -P
gdbport 0
efiargs -s 29,fbuf,tcp=192.168.1.180:5901,w=1024,h=768 -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd
devargs -s 2:0,virtio-net,tap0 -s 3:0,virtio-blk,./diskdev
console stdio
installer_opt -s 31:0,ahci-cd,/install/debian-10.6.0-amd64-xfce-CD-1.iso
vmname debian
vm_create: Device not configured

and the bhyve command exit status is "4".

Outside the jail (on the host system):

I have my /etc/sysctl.conf with this line added:

net.link.tap.up_on_open=1

I also have these lines added to my /etc/rc.conf:

cloned_interfaces="bridge0 tap0"
ifconfig_bridge0="addm em0 addm tap0 up"

And inside my /etc/jail.conf, I have:

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
interface = em0;

bhyvedebian {
host.hostname = bhyvedebian.hostname.com;
devfs_ruleset = 25;
ip4.addr = 192.168.1.180;
allow.vmm;
persist;
}

And the /etc/devfs.rules:

[devfs_rules_bhyve_jail=25]
add include $devfsrules_jail
add path vmm unhide
add path vmm/* unhide
add path tap* unhide
add path zroot/jails/bhyvedebian/* unhide
add path nmdm* unhide

One thing of interest is that the name of the rule isn't referenced anywhere, so it doesn't matter that I call it "devfs_rules_bhyve_jail". Is my understanding correct? I mean, this isn't the problem, right?

And also in my /boot/loader.conf, I have added:

vmm_load="YES"
nmdm_load="YES"
virtio_blk_load="YES"

So, what is wrong with my setup and how do I resolve the "vm_create: Device not configured" error? What "device" is not configured?

Thanks!
 

Emrion

Aspiring Daemon

Reaction score: 156
Messages: 563

I don't even know if what you're trying to achieve is possible, but... What's the point of running a bhyve VM inside a jail?

A jail is just something which lives with its own 'world', but uses the kernel of the host system.
bhyve uses the host kernel. You don't add a security layer with a jail in this case, I think.
 

ikevin8me

Member


Messages: 75

Well, this guy says he did it:
So, I know it is possible :) for double security layers.
 

Emrion

Aspiring Daemon

Reaction score: 156
Messages: 563

Ok. But, from my point of view, it's more a challenge than a real security improvement.
Sadly, I can't help you because I'll never waste my time on such a thing.

You know, you can add jails, virtual machines, firewalls, and system hardening by modifying kernel tunables, but if you leave an HTTP server with poorly designed PHP code, you've lost.
 

ikevin8me

Member


Messages: 75

I think I figured it out: my CPU has none of the features required for bhyve, according to this doc. I'd have to put it on a new server to try this again.
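
The last post traces the failure to missing CPU virtualization features. As an added example (not part of the thread), this script applies the FreeBSD Handbook's rule of thumb to boot-log text: EPT and UG on the `VT-x:` line for Intel, POPCNT on the `Features2=` line for AMD. The function names and the sample excerpts are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Rule assumed from the FreeBSD Handbook:
# Intel needs EPT and UG on the "VT-x:" line; AMD needs POPCNT on "Features2=".

# has_flag LINE FLAG: true if FLAG is a whole token in a dmesg feature line.
has_flag() {
    printf '%s\n' "$1" | tr ' <>,:' '\n\n\n\n\n' | grep -qxF "$2"
}

# bhyve_cpu_check: reads boot messages on stdin, prints a verdict.
# Returns 0 = usable, 1 = required feature missing, 2 = no CPU vendor line.
bhyve_cpu_check() {
    msgs=$(cat)
    vtx=$(printf '%s\n' "$msgs" | grep 'VT-x:' | head -n 1)
    feat2=$(printf '%s\n' "$msgs" | grep 'Features2=' | head -n 1)
    missing=""
    case "$msgs" in
    *GenuineIntel*)
        [ -n "$vtx" ] || { echo "missing: VT-x"; return 1; }
        for f in EPT UG; do
            has_flag "$vtx" "$f" || missing="$missing $f"
        done ;;
    *AuthenticAMD*)
        has_flag "$feat2" POPCNT || missing=" POPCNT" ;;
    *)
        echo "unknown: no CPU Origin line"; return 2 ;;
    esac
    [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
    echo "ok"
}

# Constructed boot-log excerpts for illustration (not the poster's hardware).
SAMPLE_OK='  Origin="GenuineIntel"  Id=0x206d7  Family=0x6  Model=0x2d  Stepping=7
  Features2=0x1fbee3ff<SSE3,VMX,SSSE3,SSE4.1,SSE4.2,POPCNT>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID'
SAMPLE_OLD='  Origin="GenuineIntel"  Id=0x1067a  Family=0x6  Model=0x17  Stepping=10
  Features2=0x408e3bd<SSE3,VMX,SSSE3,SSE4.1>
  VT-x: HLT,PAUSE'

# On a FreeBSD host, check the real boot log; skipped where the file is absent.
if [ -r /var/run/dmesg.boot ]; then
    bhyve_cpu_check < /var/run/dmesg.boot || true
fi
```

Run it on the host rather than in the jail, since a jail has its own /var/run and may not carry the host's boot log.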
 