From: Demi Marie Obenour
Date: Mon, 01 Dec 2025 22:46:41 -0500
Subject: [PATCH v2 4/4] host/rootfs: Sandbox Cloud Hypervisor
Message-Id: <20251201-sandbox-v2-4-9f4e58252c2b@gmail.com>
References: <20251201-sandbox-v2-0-9f4e58252c2b@gmail.com>
In-Reply-To: <20251201-sandbox-v2-0-9f4e58252c2b@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross
List-Id: Patches and low-level development discussion

It only needs access to a small number of resources. Unfortunately, it needs access to /dev/vfio right now. This should be fixed by using file descriptor passing instead.

Furthermore, Cloud Hypervisor needs to be able to lock memory. Running in a user namespace prevents it from having CAP_IPC_LOCK.
Therefore, it is necessary to increase RLIMIT_MLOCK before running Cloud Hypervisor. The s6-softlimit program can only increase the soft limit, not the hard one. Therefore, use Busybox sh to increase the hard limit. Given that sh must be used anyway, take the opportunity to use shell conditionals and redirection instead of a few external commands. Signed-off-by: Demi Marie Obenour --- .../image/etc/udev/rules.d/99-spectrum.rules | 3 ++ host/rootfs/image/usr/bin/run-vmm | 33 +++++++++++++++++++--- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/host/rootfs/image/etc/udev/rules.d/99-spectrum.rules b/host/rootfs/image/etc/udev/rules.d/99-spectrum.rules index 337bbe47dbbc6f3828722d8244f2689a39f3090f..de0f682aa40f8481dc3c25a90c695e2326536316 100644 --- a/host/rootfs/image/etc/udev/rules.d/99-spectrum.rules +++ b/host/rootfs/image/etc/udev/rules.d/99-spectrum.rules @@ -3,3 +3,6 @@ # systemd-udevd unsets PATH, so fix that. ACTION!="remove", ENV{PCI_CLASS}=="2????", RUN+="/usr/bin/env PATH=/usr/bin /usr/libexec/net-add" + +# make /dev/kvm world-accessible +KERNEL=="kvm", MODE="0666" diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index ba8b59c2677408acdd01c2eda3cf2dd60992d881..5fb0678b5ca7b6bcf49bf362a9355113892e4030 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm 
@@ -49,8 +49,33 @@ background -d { ch-remote --api-socket /run/vm/by-id/${router_id}/vmm add-net id=router,vhost_user=on,socket=/run/vm/by-id/${router_id}/router-driver.sock,mac=02:01:00:00:00:01 } unexport ! -fdmove -c 3 0 -redirfd -r 0 /dev/null +# I am not aware of an execlineb command to increase the hard limit, so do it in sh. +# Given that sh is in use, do a few things with it that would need external commands otherwise. +sh -c "exec 3>&0 >/dev/null && ulimit -l unlimited && udevadm wait /dev/kvm && exec \"$""@\"" sh -if { udevadm wait /dev/kvm } -cloud-hypervisor --api-socket fd=3 +bwrap + --unshare-all + --unshare-user + --dev /dev + --dev-bind /dev/kvm /dev/kvm + --dev-bind /dev/vfio /dev/vfio + --tmpfs /dev/shm + --tmpfs /tmp + --tmpfs /var/tmp + --ro-bind /etc /etc + --ro-bind /lib /lib + --ro-bind /nix /nix + --ro-bind /usr /usr + --bind /sys /sys + --bind /run /run + --proc /proc + --remount-ro /proc + --ro-bind /dev/null /proc/timer_list + --tmpfs /proc/scsi + --remount-ro /proc/scsi + --ro-bind /dev/null /proc/kcore + --ro-bind /dev/null /proc/sysrq-trigger + --tmpfs /proc/acpi + --remount-ro /proc/acpi + -- + cloud-hypervisor --api-socket fd=3 -- 2.52.0
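Review bot: In the 99-spectrum.rules hunk, `KERNEL=="kvm", MODE="0666"` opens /dev/kvm to every user on the host, and neither the rule's comment nor the commit message says why the sandboxed VMM needs that. If access is only required for one user or group, a narrower `MODE="0660"` together with a `GROUP=` assignment would keep unrelated host processes from opening the device; otherwise, please state the reason in the comment above the rule.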
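Review bot: In the run-vmm hunk, the `sh -c` line uses `exec 3>&0 >/dev/null`, which redirects stdout (fd 1), whereas the removed `redirfd -r 0 /dev/null` reopened stdin (fd 0) for reading. After this change fd 0 still refers to the same file as fd 3 and the VMM's stdout is discarded. If the old behaviour is intended, `exec 3<&0 </dev/null` matches it. Separately, `--bind /sys /sys` and `--bind /run /run` are the only read-write binds of whole trees in the bwrap arguments, and /run contains sockets such as /run/vm/by-id/${router_id}/vmm that belong to another VM. Consider binding only the paths this VMM needs, or using `--ro-bind` where writes are not required.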