Merge pull request #21 from AkihiroSuda/opt-vde

`change the default prefix from /usr/local to /opt/vde` + `support vde_switch >= 2021-08-31`

.github/workflows/test.yml

@@ -21,12 +21,22 @@ jobs:
           uname -a
           sw_vers
           ifconfig
-      - name: Install build dependencies
-        run: brew install vde
+      - name: Install build dependencies of VDE
+        run: brew install autoconf automake
+      - name: Install VDE
+        run: |
+          git clone https://github.com/virtualsquare/vde-2.git /tmp/vde-2
+          cd /tmp/vde-2
+          # Aug 31, 2021
+          git checkout 50964c3fb0776e82f8bd1ecdc527683966f3d52c
+          autoreconf -fis
+          ./configure --prefix=/opt/vde
+          make
+          sudo make install
       - name: Make
-        run: make
+        run: make PREFIX=/opt/vde
       - name: Install
-        run: sudo make install
+        run: sudo make PREFIX=/opt/vde install
       - name: Print launchd status (shared mode)
         run: launchctl print system/io.github.lima-vm.vde_vmnet.plist
       - name: Install test dependencies

Makefile

@@ -1,11 +1,15 @@
-PREFIX ?= /usr/local
+# PREFIX should be only writable by the root to avoid privilege escalation with launchd or sudo
+PREFIX ?= /opt/vde
+
+# VDEPREFIX should be only writable by the root to avoid privilege escalation with launchd or sudo
+VDEPREFIX ?= $(PREFIX)
 
 CFLAGS ?= -O3
 
 VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.m' --always --tags)
-CFLAGS += -DVERSION=\"$(VERSION)\"
+CFLAGS += -I"$(VDEPREFIX)/include" -DVERSION=\"$(VERSION)\"
 
-LDFLAGS += -lvdeplug -framework vmnet
+LDFLAGS += -L"$(VDEPREFIX)/lib" -lvdeplug -framework vmnet
 
 # Interface name for bridged mode. Empty value (default) disables bridged mode.
 BRIDGED ?=
@@ -24,11 +28,12 @@ install.bin: vde_vmnet
 	install vde_vmnet "$(DESTDIR)/$(PREFIX)/bin/vde_vmnet"
 
 install.launchd.plist: launchd/*.plist
-	install launchd/io.github.virtualsquare.vde-2.vde_switch.plist "$(DESTDIR)/Library/LaunchDaemons/io.github.virtualsquare.vde-2.vde_switch.plist"
-	install launchd/io.github.lima-vm.vde_vmnet.plist "$(DESTDIR)/Library/LaunchDaemons/io.github.lima-vm.vde_vmnet.plist"
+	sed -e "s@/opt/vde@$(PREFIX)@g" launchd/io.github.virtualsquare.vde-2.vde_switch.plist > "$(DESTDIR)/Library/LaunchDaemons/io.github.virtualsquare.vde-2.vde_switch.plist"
+	sed -e "s@/opt/vde@$(PREFIX)@g" launchd/io.github.lima-vm.vde_vmnet.plist > "$(DESTDIR)/Library/LaunchDaemons/io.github.lima-vm.vde_vmnet.plist"
+
 ifneq ($(BRIDGED),)
-	sed -e "s/en0/$(BRIDGED)/g" launchd/io.github.virtualsquare.vde-2.vde_switch.bridged.en0.plist > "$(DESTDIR)/Library/LaunchDaemons/io.github.virtualsquare.vde-2.vde_switch.bridged.$(BRIDGED).plist"
-	sed -e "s/en0/$(BRIDGED)/g" launchd/io.github.lima-vm.vde_vmnet.bridged.en0.plist > "$(DESTDIR)/Library/LaunchDaemons/io.github.lima-vm.vde_vmnet.bridged.$(BRIDGED).plist"
+	sed -e "s@/opt/vde@$(PREFIX)@g" -e "s/en0/$(BRIDGED)/g" launchd/io.github.virtualsquare.vde-2.vde_switch.bridged.en0.plist > "$(DESTDIR)/Library/LaunchDaemons/io.github.virtualsquare.vde-2.vde_switch.bridged.$(BRIDGED).plist"
+	sed -e "s@/opt/vde@$(PREFIX)@g" -e "s/en0/$(BRIDGED)/g" launchd/io.github.lima-vm.vde_vmnet.bridged.en0.plist > "$(DESTDIR)/Library/LaunchDaemons/io.github.lima-vm.vde_vmnet.bridged.$(BRIDGED).plist"
 endif
 
 install.launchd: install.launchd.plist

README.md

@@ -10,16 +10,34 @@
 
 Requires macOS 10.15 or later.
 
-```console
-brew install vde
+### Step 1: Install vde-2 (`vde_switch`)
 
-make
+The version of `vde-2` must be [commit 50964c3f](https://github.com/virtualsquare/vde-2/tree/50964c3f) (2021-08-31) or later.
+
+The `--prefix` dir below does not necessarily need to be `/opt/vde`, however, it is highly recommended
+to set the prefix to a directory that can be only written by the root.
+
+Note that `/usr/local` is typically chowned for a non-root user on Homebrew environments, so
+`/usr/local` is *not* an appropriate prefix.
 
+```bash
+git clone https://github.com/virtualsquare/vde-2.git
+cd vde-2
+autoreconf -fis
+./configure --prefix=/opt/vde
+make
 sudo make install
 ```
 
+### Step 2: Install `vde_vmnet`
+```bash
+git clone https://github.com/lima-vm/vde_vmnet
+make PREFIX=/opt/vde
+sudo make PREFIX=/opt/vde install
+```
+
 The following files will be installed:
-- `/usr/local/bin/vde_vmnet`
+- `/opt/vde/bin/vde_vmnet`
 - `/Library/LaunchDaemons/io.github.virtualsquare.vde-2.vde_switch.plist`
 - `/Library/LaunchDaemons/io.github.lima-vm.vde_vmnet.plist`
   - Configured to use `192.168.105.0/24`. Modifiy the file if it conflicts with your local network.
@@ -86,7 +104,7 @@ Note: make sure to run `vde_vmnet` with root (`sudo`). See [FAQs](#FAQs) for the
 ### PTP mode (Switchless mode)
 
 - Pros: doesn't require the `vde_switch` process to be running
-- Cons: no support for multi-VM
+- Cons: Only single QEMU process can connect to the socket. Multiple `vde_vmnet` processes need to be launched for multiple QEMU processes.
 
 To enable PTP mode, append `[]` to the socket path argument of `vde_vmnet`.
 

etc_sudoers.d/README.md

@@ -3,5 +3,4 @@
 To allow non-root users to run `vde_vmnet`, use [launchd](../launchd) *or*
 install [the `vde_vmnet` file in this directory](./vde_vmnet) as `/etc/sudoers.d/vde_vmnet`.
 
-At least you have to modify the `sha224` digests in [`/etc/sudoers.d/vde_vmnet`](./vde_vmnet).
 See the comment lines in the file for the further information.

etc_sudoers.d/vde_vmnet

@@ -2,18 +2,14 @@
 
 # To allow non-root users to run `vde_vmnet`, use launchd OR install this file as `/etc/sudoers.d/vde_vmnet`.
 
-# Prerequisite: Replace dummy sha224 digest values in this file with the actual sha224 digest values.
-#  - `openssl dgst -binary -sha224 /usr/local/bin/vde_switch | openssl base64`
-#  - `openssl dgst -binary -sha224 /usr/local/bin/vde_vmnet | openssl base64`
-
 # Usage:
-# - sudo -u daemon -g staff /usr/local/bin/vde_switch ...
-# - sudo /usr/local/bin/vde_vmnet ...
+# - sudo -u daemon -g staff /opt/vde/bin/vde_switch ...
+# - sudo /opt/vde/bin/vde_vmnet ...
 
 # Entries for shared mode (192.168.105.0/24)
-%staff ALL=(daemon:staff) NOPASSWD:NOSETENV: sha224:N9Msbbq+1xHLHUYgtkCQ/vDvY6sWpKUdZoJZ5g== /usr/local/bin/vde_switch --sock=/var/run/vde.ctl --pidfile=/var/run/vde.pid --group=staff --dirmode=0770
-%staff ALL=(root:root) NOPASSWD:NOSETENV: sha224:XQMHsLqtLONKq3yskqPXLFfKli/60d02UALUXg== /usr/local/bin/vde_vmnet --vmnet-gateway=192.168.105.1 /var/run/vde.ctl
+%staff ALL=(daemon:staff) NOPASSWD:NOSETENV: /opt/vde/bin/vde_switch --sock=/var/run/vde.ctl --pidfile=/var/run/vde.pid --group=staff --dirmode=0770 --nostdin
+%staff ALL=(root:root) NOPASSWD:NOSETENV: /opt/vde/bin/vde_vmnet --vmnet-gateway=192.168.105.1 /var/run/vde.ctl
 
 # Entries for bridged mode (en0)
-%staff ALL=(daemon:staff) NOPASSWD:NOSETENV: sha224:N9Msbbq+1xHLHUYgtkCQ/vDvY6sWpKUdZoJZ5g== /usr/local/bin/vde_switch --sock=/var/run/vde.bridged.en0.ctl --pidfile=/var/run/vde.bridged.en0.pid --group=staff --dirmode=0770
-%staff ALL=(root:root) NOPASSWD:NOSETENV: sha224:XQMHsLqtLONKq3yskqPXLFfKli/60d02UALUXg== /usr/local/bin/vde_vmnet --vmnet-mode=bridged --vmnet-interface=en0 /var/run/vde.bridged.en0.ctl
+%staff ALL=(daemon:staff) NOPASSWD:NOSETENV: /opt/vde/bin/vde_switch --sock=/var/run/vde.bridged.en0.ctl --pidfile=/var/run/vde.bridged.en0.pid --group=staff --dirmode=0770 --nostdin
+%staff ALL=(root:root) NOPASSWD:NOSETENV: /opt/vde/bin/vde_vmnet --vmnet-mode=bridged --vmnet-interface=en0 /var/run/vde.bridged.en0.ctl

launchd/io.github.lima-vm.vde_vmnet.bridged.en0.plist

@@ -6,10 +6,10 @@
 		<key>Label</key>
 		<string>io.github.lima-vm.vde_vmnet.bridged.en0.plist</string>
 		<key>Program</key>
-		<string>/usr/local/bin/vde_vmnet</string>
+		<string>/opt/vde/bin/vde_vmnet</string>
 		<key>ProgramArguments</key>
 		<array>
-			<string>/usr/local/bin/vde_vmnet</string>
+			<string>/opt/vde/bin/vde_vmnet</string>
 			<string>--vmnet-mode=bridged</string>
 			<string>--vmnet-interface=en0</string>
 			<string>/var/run/vde.bridged.en0.ctl</string>

launchd/io.github.lima-vm.vde_vmnet.plist

@@ -6,10 +6,10 @@
 		<key>Label</key>
 		<string>io.github.lima-vm.vde_vmnet.plist</string>
 		<key>Program</key>
-		<string>/usr/local/bin/vde_vmnet</string>
+		<string>/opt/vde/bin/vde_vmnet</string>
 		<key>ProgramArguments</key>
 		<array>
-			<string>/usr/local/bin/vde_vmnet</string>
+			<string>/opt/vde/bin/vde_vmnet</string>
 			<string>--vmnet-gateway=192.168.105.1</string>
 			<string>/var/run/vde.ctl</string>
 		</array>

launchd/io.github.virtualsquare.vde-2.vde_switch.bridged.en0.plist

@@ -10,7 +10,7 @@
 		<string>/usr/local/bin/vde_switch</string>
 		<key>ProgramArguments</key>
 		<array>
-			<string>/usr/local/bin/vde_switch</string>
+			<string>/opt/vde/bin/vde_switch</string>
 			<string>--sock</string>
 			<string>/var/run/vde.bridged.en0.ctl</string>
 			<string>--pidfile</string>
@@ -19,6 +19,8 @@
 			<string>staff</string>
 			<string>--dirmode</string>
 			<string>0770</string>
+			<!-- Requires vde-2 2021-08-31 or later -->
+			<string>--nostdin</string>
 		</array>
 		<key>StandardErrorPath</key>
 		<string>/var/run/vde.bridged.en0.stderr</string>

launchd/io.github.virtualsquare.vde-2.vde_switch.plist

@@ -10,7 +10,7 @@
 		<string>/usr/local/bin/vde_switch</string>
 		<key>ProgramArguments</key>
 		<array>
-			<string>/usr/local/bin/vde_switch</string>
+			<string>/opt/vde/bin/vde_switch</string>
 			<string>--sock</string>
 			<string>/var/run/vde.ctl</string>
 			<string>--pidfile</string>
@@ -19,6 +19,8 @@
 			<string>staff</string>
 			<string>--dirmode</string>
 			<string>0770</string>
+			<!-- Requires vde-2 2021-08-31 or later -->
+			<string>--nostdin</string>
 		</array>
 		<key>StandardErrorPath</key>
 		<string>/var/run/vde.stderr</string>