From: Demi Marie Obenour
Subject: [PATCH v2 0/4] Partially sandbox Cloud Hypervisor, crosvm, virtiofsd, and the router
Date: Mon, 01 Dec 2025 22:46:37 -0500
Message-Id: <20251201-sandbox-v2-0-9f4e58252c2b@gmail.com>
In-Reply-To: <20251129-sandbox-v1-1-6dab926504d3@gmail.com>
References: <20251129-sandbox-v1-1-6dab926504d3@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross
List-Id: Patches and low-level development discussion

This restricts the access of these programs to the system. Seccomp is not
enabled, though, and the processes still run as root. Full sandboxing needs
additional work. In particular, Cloud Hypervisor should receive access to
VFIO devices via file descriptor passing.

Sandboxing Cloud Hypervisor requires the use of sh, as there is no s6 or
execline program to increase hard resource limits.

D-Bus and the portal are not sandboxed. They have full access to all user
files by design, so a breach of either is catastrophic no matter what.
Furthermore, sandboxing them even slightly proved very difficult.

Signed-off-by: Demi Marie Obenour
---
Changes in v2:
- Sandbox Cloud Hypervisor, virtiofsd, and the router
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251129-sandbox-v1-1-6dab926504d3@gmail.com

---
Demi Marie Obenour (4):
      host/rootfs: Sandbox crosvm
      host/rootfs: Sandbox router
      host/rootfs: Sandbox virtiofsd
      host/rootfs: Sandbox Cloud Hypervisor

 host/rootfs/default.nix                          |  4 +--
 .../template/data/service/spectrum-router/run    | 19 +++++++++++--
 .../template/data/service/vhost-user-fs/run      | 28 ++++++++++++++++--
 .../template/data/service/vhost-user-gpu/run     | 24 +++++++++++++++-
 .../image/etc/udev/rules.d/99-spectrum.rules     |  3 ++
 host/rootfs/image/usr/bin/run-vmm                | 33 +++++++++++++++++++---
 6 files changed, 98 insertions(+), 13 deletions(-)
---
base-commit: 44f32b7a4b3cfbb4046447318e6753dd0eb71add
change-id: 20251129-sandbox-5a42a6a41b59

--
Sincerely,
Demi Marie Obenour (she/her/hers)