want privilege for hypervisors
The inclusion of bhyve in illumos exacerbates our current lack of a privilege for controlling access to HVM-related tasks. HVM workloads, being somewhat unique in their requirements and implementations, consume system resources in a way that's unique from "normal" processes. As such, gating access to them behind a separate privilege is desirable. To that end
PRIV_SYS_HYPERVISOR is proposed to cover such HVM workloads. The first consumer will be bhyve, but it could be wired into things like KVM and VirtualBox as well.
Updated by Patrick Mooney 3 months ago
John Levon wrote:
Did you consider re-using the golden oldie PRIV_VIRT_MANAGE?
I had not. Seeing it now, I have some mixed feelings. Its naming is pretty unlike the other privs, and access to HVM resources strikes me as something that would be covered by a PRIV_SYS_*. That said, I'm open to suggestion.
Updated by John Levon 3 months ago
Not sure what you mean about naming - it's a sub-system thing, like PROC, NET, etc. The original naming was for covering both kernel-side access reasons and also for e.g. daemon privs (say if we had a user-space door server).
I'm somewhat agnostic on whether it should be re-used or not, just wanted to make sure you'd considered it.