"Cole Helbling" writes:

> On Sun Apr 11, 2021 at 4:57 AM PDT, Alyssa Ross wrote:
>> In Spectrum, we want the host kernel to include as few drivers as
>> possible, to reduce attack surface. To accomplish this, we need to
>> move as much hardware interaction as possible into VMs. This series
>> introduces proof-of-concept network hardware isolation by passing
>> through network devices to a VM, and having that VM handle all
>> interaction with that hardware instead of the host system.
>
> [snip]
>
>> Alyssa Ross (16):
>> linux: enable Xen everywhere it can be
>> cloud-hypervisor: 0.8.0 -> 0.14.1
>> mdevd: init at 0.1.3.0
>> spectrumPackages.linux_vm: fix cloud-hypervisor hotplug
>> spectrumPackages.linux_vm: allow config overrides
>> crosvm: support setting guest MAC from --tap-fd
>> spectrumPackages: export makeRootfs
>> spectrumPackages.rootfs: add s6-rc support
>> spectrumPackages.rootfs: make /var/lib and /var/run
>> spectrumPackages.rootfs: add dbus configuration
>> spectrumPackages.rootfs: add connman dbus services
>> spectrumPackages.sys-vms.comp: init
>> spectrumPackages.makeRootfs: move to default.nix
>> spectrumPackages.sys-vms.net: init
>> spectrumPackages.sys-vms.app: init
>> spectrumPackages.spectrum-testhost: init
>>
>> .../cargo-lock-vendor-fix.patch | 53 ----
>> .../cloud-hypervisor/default.nix | 15 +-
>> ...upport-setting-guest-MAC-from-tap-fd.patch | 294 ++++++++++++++++++
>> .../linux/chromium-os/crosvm/default.nix | 1 +
>> .../linux/kernel/common-config.nix | 13 +-
>> pkgs/os-specific/linux/kernel/patches.nix | 9 +
>> pkgs/os-specific/linux/mdevd/default.nix | 28 ++
>> pkgs/os-specific/linux/spectrum/default.nix | 6 +-
>> pkgs/os-specific/linux/spectrum/linux/vm.nix | 7 +-
>> .../linux/spectrum/rootfs/default.nix | 92 +++--
>> .../linux/spectrum/rootfs/etc/group | 1 +
>> .../linux/spectrum/rootfs/etc/passwd | 1 +
>> .../linux/spectrum/rootfs/generic.nix | 48 ---
>> .../linux/spectrum/rootfs/rc-services.nix | 26 ++
>> .../linux/spectrum/rootfs/stage1.nix | 25 +-
>> .../linux/spectrum/spectrum-vm/default.nix | 6 +-
>> .../linux/spectrum/testhost/default.nix | 205 ++++++++++++
>> .../linux/spectrum/vm/app/default.nix | 63 ++++
>> .../linux/spectrum/vm/comp/default.nix | 86 +++++
>> .../os-specific/linux/spectrum/vm/default.nix | 9 +
>> .../linux/spectrum/vm/net/default.nix | 165 ++++++++++
>> pkgs/top-level/aliases.nix | 6 +
>> pkgs/top-level/all-packages.nix | 12 +-
>> 23 files changed, 976 insertions(+), 195 deletions(-)
>> delete mode 100644 pkgs/applications/virtualization/cloud-hypervisor/cargo-lock-vendor-fix.patch
>> create mode 100644 pkgs/os-specific/linux/chromium-os/crosvm/0001-crosvm-support-setting-guest-MAC-from-tap-fd.patch
>> create mode 100644 pkgs/os-specific/linux/mdevd/default.nix
>> delete mode 100644 pkgs/os-specific/linux/spectrum/rootfs/generic.nix
>> create mode 100644 pkgs/os-specific/linux/spectrum/rootfs/rc-services.nix
>> create mode 100644 pkgs/os-specific/linux/spectrum/testhost/default.nix
>> create mode 100644 pkgs/os-specific/linux/spectrum/vm/app/default.nix
>> create mode 100644 pkgs/os-specific/linux/spectrum/vm/comp/default.nix
>> create mode 100644 pkgs/os-specific/linux/spectrum/vm/default.nix
>> create mode 100644 pkgs/os-specific/linux/spectrum/vm/net/default.nix
>>
>> --
>> 2.30.0
>
> Thanks for the beautiful cover letter. Such a great amount of detail
> and information brings a tear to my eye! <3
> Each individual patch reviewed-by me, nothing stood out as weird or
> wrong or bad or whatever. I only tested the final result, not each
> individual patch.
>
> Reviewed-by: Cole Helbling
> Tested-by: Cole Helbling

Thanks! Committed as 583eb604ce3.