get rid of FreeBSD kludge by using devfs!

README.md

@@ -96,6 +96,20 @@ SRV# sysctl net.link.tap.up_on_open=1
 SRV# brctl addbr ext
 ```
 
+At least on FreeBSD, in order to monitor unikernels write permissions to
+`/dev/vmm/<vm>` are needed.  To achieve this (otherwise `vmm_stats` won't be
+able to collect statistics unless running as a privileged user, the following
+`devfs` ruleset can be used in `/etc/devfs.rules` (in case you created an
+`albatross` group):
+
+```
+[albatross=10]
+add path 'vmm/ukvm*' mode 0660 group albatross
+```
+
+Also need to activate by adding `devfs_system_ruleset="albatross"` to
+`/etc/rc.conf` and `service devd restart` on the host system.
+
 ## Provision our first virtual machine
 
 We will delegate some resource to a certificate and key we keep on our

src/vmm_commands.ml

@@ -190,13 +190,3 @@ let exec vm taps =
     R.error_msgf "cmd %a exits: %a" Bos.Cmd.pp cmd pp_unix_error e
 
 let destroy vm = Unix.kill vm.pid 15 (* 15 is SIGTERM *)
-
-let setup_freebsd_kludge pid =
-  (* on FreeBSD we need to chmod g+rw /dev/vmm/ukvm$pid to run
-     bhyvectl --get-stats --vm=ukvm$pid as non-priviliged user *)
-  Lazy.force (uname ()) >>= fun (sys, _) ->
-  match sys with
-  | x when x = "FreeBSD" ->
-    let dev = "/dev/vmm/ukvm" ^ string_of_int pid in
-    Bos.OS.Cmd.run Bos.Cmd.(v "chmod" % "g+rw" % dev)
-  | _ -> Ok ()

src/vmm_commands.mli

@@ -17,5 +17,3 @@ val close_no_err : Unix.file_descr -> unit
 val create_tap : string -> (string, [> R.msg ]) result
 
 val create_bridge : string -> (unit, [> R.msg ]) result
-
-val setup_freebsd_kludge : int -> (unit, [> R.msg ]) result

src/vmm_engine.ml

@@ -141,7 +141,6 @@ let handle_create t vm_config policies =
         Ok (t, `Tls (s, tls_out) :: out, vm))
 
 let setup_stats t vm =
-  Vmm_commands.setup_freebsd_kludge vm.pid >>= fun () ->
   let stat_out = Vmm_wire.Stats.add t.stats_counter t.stats_version (vm_id vm.config) vm.pid vm.taps in
   let t = { t with stats_counter = succ t.stats_counter } in
   Ok (t, stat t stat_out)