From 20a65f5be6e0ebc99b33cb5152aa517ee883be28 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Mon, 11 May 2020 19:15:54 +0000 Subject: [PATCH] Mention spectrum-vm in crosvm documentation Thanks-to: Cole Helbling Thanks-to: Michael Raskin <7c6f434c@mail.ru> --- developer-manual.adoc | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/developer-manual.adoc b/developer-manual.adoc index 06f8dc1..f96202e 100644 --- a/developer-manual.adoc +++ b/developer-manual.adoc @@ -175,11 +175,24 @@ then not use the Nixpkgs minijail. You would definitely want to do things this if you were going to be hacking on Minijail. **** -You can then build crosvm with cargo build. Due to hardcoded paths to -seccomp policy files, this crosvm will probably not work with -sandboxing enabled, so you'll have to use --disable-sandbox. If you -need to test sandboxing, your best bet is to try to modify the crosvm -Nix derivation to use your modified sources. +You can then build crosvm with cargo build. Spectrum's Nixpkgs +provides a utility program for running a test VM with a custom crosvm +build. It can be used as follows: + +---- +cargo build +nix-shell -I nixpkgs=/path/to/nixpkgs-spectrum \ + -p spectrumPackages.spectrum-vm \ + --run 'spectrum-vm -C target/debug/crosvm -- --disable-sandbox' +---- + +`--disable-sandbox` is required because crosvm has hardcoded paths to +seccomp policy files. If you need to test sandboxing, your best bet +is to try to modify the crosvm Nix derivation to use your modified +sources. There's an http://crbug.com/1052126[upstream crosvm bug] to +compile the policy files into the crosvm binary so paths don't have to +be hardcoded. + === Sommelier -- git format-patch -1 --stdout -C 20a65f5be6e0ebc99b33cb5152aa517ee883be28