Date: Tue, 6 Dec 2022 11:42:39 +0000
From: Alyssa Ross
To: Vadim Likholetov
CC: devel@spectrum-os.org
Subject: Re: Firefox appVM patches and appVM refactoring
Message-ID: <20221206114239.ifel7s6ctmhzymbc@x220>
List-Id: Patches and low-level development discussion

On Mon, Dec 05, 2022 at 12:42:35AM +0200, Vadim Likholetov wrote:
> I've made a Firefox appVM for wayland using my waypipe patches.
> To make this appVM I have had to refactor Spectrum OS appvm infrastructure.
> The main idea of refactoring is enabling appvm to have a user with normal
> privileges, not superuser.
> Running everything from root is not the best idea for secure OS :-)

In this case, the application running as root is the only thing running
in the VM, so it doesn't _really_ matter, but it is still a good idea to
fix, as some applications will refuse to run as root.

(cloud-hypervisor also runs on the /host/ as root, and that's something
that we'll definitely want to fix, but that's more complicated as just
statically assigning c-h processes to uids won't work when we want to
dynamically create and destroy VMs. We'll likely want something akin to
systemd's DynamicUser=.)

> So now the .nix file for appvm has two sections, one that is executed as
> root and one as user.
> Here is the sample of these definitions:
>
> { config ? import ../../../nix/eval-config.nix {} }:
>
> import ../make-vm.nix { inherit config; } {
>   providers.net = [ "netvm" ];
>
>   run = config.pkgs.pkgsStatic.callPackage (
>     { writeScript }:
>     writeScript "run-root-shell" ''
>       #!/bin/execlineb -P
>       /bin/sh
>     ''
>   ) { };
>
>   run-as-user = config.pkgs.pkgsStatic.callPackage (
>     { writeScript, lynx }:
>     writeScript "run-lynx" ''
>       #!/bin/execlineb -P
>       ${lynx}/bin/lynx https://spectrum-os.org
>     ''
>   ) { };
>
> }

I'm not too sure about this part — it seems like quite a lot of
complexity in the app VM implementation, when dropping privileges
(unless there's something I haven't considered?) should be as simple as
putting "s6-applyuidgid -u 1000 -g 1000" in the VM run script at the
point where privileges can be dropped.

> Cloud-hypervisor has virtual hardware limitations -- it supports only one
> console device and only one serial device.
> SpectrumOS is using serial device for kernel logs of appVM and console
> device as a console.
> To have access both to root-executed part and to user-executed part of the
> VM payload, I installed a tmux on console.
> Now, when you're running vm-console command you get access to the tmux
> and have the ability to switch between root and user consoles,
> that can be useful during debugging VM payload.
>
> To run Firefox appVM use vm-start-way command: vm-start-way appvm-firefox :)

Would it work with virtio-gpu?

I'm still not convinced on Waypipe — where the previous discussion left
off, we were talking about VMs over the network. That would be an
interesting thing to look at (and it would be really cool if we could
make it work!), but doing it would take a lot more than just
network-transparent Wayland proxying, so if that's the main thing we'd
get out of Waypipe, I think it would only make sense to add Waypipe
support as part of that bigger work. (And this point in time, when how
VMs work at all in Spectrum is a bit in flux, is probably not the best
time to start trying to massively expand their scope!)

> I believe that as soon as spectrumOS features will cover basic user needs
> its popularity and community will grow and this will make positive impact
> on SpectrumOS itself.
> Using appvm-firefox prototype you may build another wayland-enabled appVMs.

Yeah, having a Firefox example VM would be really great for
demonstrating how Spectrum works and what it can do, and I'm pleased
that we're even getting to a point where it would work! Firefox is a
big application that does a lot of stuff, so it would also be useful for
testing all sorts of other features, like audio or XDG desktop portals.

I'd be very happy to accept a Firefox VM that used virtio-gpu.
:)
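
The reply above suggests dropping privileges at a single point in the VM run script with "s6-applyuidgid -u 1000 -g 1000". As an added example (not code from the message, from Spectrum or from s6), this is the generic POSIX sequence for a permanent drop from root at such a point, with the checks that confirm it took effect. The function names are hypothetical; 1000:1000 is the uid/gid from the message.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop root to uid/gid. Returns 0 on success, -1 on any failure
 * (a caller must treat failure as fatal and not exec the payload). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    /* Order matters: supplementary groups and gid must change while the
     * process still has the privilege to change them; uid goes last. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the resulting identity instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (getgroups(0, NULL) != 0) return -1;
    /* The drop is only permanent if root cannot be regained. */
    if (setuid(0) == 0 || setgid(0) == 0) return -1;
    return 0;
}

/* Attempt the drop in a forked child so the caller keeps its identity.
 * Returns 0 if the child dropped and verified, 1 if it could not
 * (for example when not started as root), -1 if fork/wait failed. */
int try_drop_in_child(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(drop_privileges(uid, gid) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void)
{
    /* 1000:1000 is the uid/gid used in the message above. */
    int r = try_drop_in_child(1000, 1000);
    printf("drop to 1000:1000 %s\n", r == 0 ? "succeeded" : "not possible here");
    return 0;
}
```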