Date: Fri, 10 Feb 2017 13:27:21 -0500 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: freebsd-virtualization@freebsd.org Subject: Re: Unable to create OpenBSD 6.0 bhyve guest Message-ID: <1757175.5Lz3SQ4xSy@hbsd-dev-laptop> In-Reply-To: <20170210181513.vtnq3ph5vmk3sbi4@scotland.uxdom.org> References: <20170210181513.vtnq3ph5vmk3sbi4@scotland.uxdom.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart3870221.ZfbzRfxnRL
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
On Friday, 10 February 2017 06:15:13 PM C. L. Martinez wrote:
> Hi all,
>=20
> I am trying to create an OpenBSD 6.0 virtual guest under FreeBSD 11 =
bhyve
> server. When I try list cd contents, segmentation faults appears:
>=20
> grub-bhyve -d /data/vms/conf/obsdfwwif -m device.map -r cd0 obsdfwwif=
>=20
>=20
> =
GNU
> GRUB version 2.00
>=20
> Minimal BASH-like line editing is supported. For the first word, T=
AB
> lists possible command completions. Anywhere else TAB lists possible =
device
> or file completions.
>=20
>=20
> grub>ls
> Segmentation fault
>=20
Hey C.L. Martinez,
This is because grub-bhyve creates memory mappings that are both writab=
le and=20
executable, something that is disallowed by default on HardenedBSD.
You'll need to add a secadm rule to disable pageexec and mprotect restr=
ictions=20
for grub-bhyve. You can find a sample rule here:
https://github.com/HardenedBSD/secadm-rules/blob/master/grub-bhyve.rule=
Thanks,
=2D-=20
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
--nextPart3870221.ZfbzRfxnRL
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlieBgoACgkQaoRlj1JF
bu7UYhAAhJKlLWdK3TdkzL4MpkCGsSOX4wAwgoHgBEMovpFJ+FwylkekfOe+2Ow2
peWQw/tSc0E+eGPJM1GxTde0qa/l3P94MUv44PLDpSSCs7AZGLgLp4CLXwSgKR2P
vGRhR2YQFM+s57kH65xbP4sm5svKhbeYkQL0tgcAuyqSv5E//1H1d3UrSSqUB7F+
G9Tgw8vnLCHPWQoy6FhTwozE9s+aRtCxB/RjH6bD+Tj0hkSqp8SOpwI7IXJNUil0
U80hh0nCAiU/EpuhquejhKNFSZiqvoetH/YR+Mj2yNkfpKHIUCgRnu08pwsPTHzA
6qB5FmnQlBcSfzLpK2EQC2umi2mCtQMjAwb9r1/dWDlUYhxG11Afgub8Hkrk9rZx
4lKOSgdXZS4drqwi6+KbBUuynfNmBOUZRS0bmR6uz45xoLyki/kwa6Qid37dzG21
WvvklV4lmP97E6OMPYhcX/7IgR5Xx6GcExSBiuGTUeRNqbsexwtbqNByPcfCrw8r
4CGDCAneXPBpM2rcSvdSrjXonEgJyCXj/XzXg7K0hyOLlH4HnjVr9BHO8cWOfo6E
Lz7TfIpYcCHR3XiU1sJdBxlzbFEApD9kPCZHvHrlv4F861WJ1m6+0vFQw4C+KeP2
NduSGgZmS6YkHulvMvDnVZSEhnXyYjloHYAcxDfvW68z5vJnnFM=
=TFWr
-----END PGP SIGNATURE-----
--nextPart3870221.ZfbzRfxnRL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1757175.5Lz3SQ4xSy>