From: Demi Marie Obenour <demiobenour@gmail.com>
Subject: [PATCH v3 0/5] Partially sandbox Cloud Hypervisor, crosvm, virtiofsd, and the router
Date: Wed, 03 Dec 2025 10:54:54 -0500
Message-Id: <20251203-sandbox-v3-0-f16ae06a251e@gmail.com>
In-Reply-To: <20251201-sandbox-v2-0-9f4e58252c2b@gmail.com>
References: <20251201-sandbox-v2-0-9f4e58252c2b@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross
List-Id: Patches and low-level development discussion

This restricts the access of these programs to the system. Seccomp is not
enabled, though, and the processes still run as root. Full sandboxing needs
additional work. In particular, Cloud Hypervisor should receive access to
VFIO devices via file descriptor passing.

D-Bus and the portal are not sandboxed. They have full access to all user
files by design, so a breach of either is catastrophic no matter what.
Furthermore, sandboxing them even slightly proved very difficult.

Signed-off-by: Demi Marie Obenour
---
Changes in v3:
- Protect bus daemon and portal from other services.
- Use s6-softlimit instead of sh to set hard RLIMIT_MEMLOCK.
- Link to v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251201-sandbox-v2-0-9f4e58252c2b@gmail.com

Changes in v2:
- Sandbox Cloud Hypervisor, virtiofsd, and the router
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251129-sandbox-v1-1-6dab926504d3@gmail.com

---
Demi Marie Obenour (5):
      host/rootfs: Sandbox crosvm
      host/rootfs: Sandbox router
      host/rootfs: Unshare a few more namespaces in virtiofsd
      host/rootfs: Sandbox Cloud Hypervisor
      host/rootfs: Try to protect the portal and dbus daemon

 host/rootfs/default.nix                              |  4 +--
 .../vm-services/template/data/service/dbus/run       |  1 +
 .../template/data/service/spectrum-router/run        | 19 +++++++++++--
 .../template/data/service/vhost-user-fs/run          |  2 +-
 .../template/data/service/vhost-user-gpu/run         | 29 +++++++++++++++++++
 .../image/etc/udev/rules.d/99-spectrum.rules         |  3 ++
 host/rootfs/image/usr/bin/run-vmm                    | 33 +++++++++++++++++++++-
 7 files changed, 84 insertions(+), 7 deletions(-)
---
base-commit: 36d857a937900f85b460e9b3db89cf79737bd72c
change-id: 20251129-sandbox-5a42a6a41b59

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
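The cover letter's remaining item for Cloud Hypervisor, receiving VFIO devices via file descriptor passing, is the broker pattern: a privileged helper opens the device node by path and hands the already-open descriptor across a Unix socket (SCM_RIGHTS), so the sandboxed process never needs permission to open anything under /dev itself. The following is an added example in Python, not code from this series or from Spectrum. It assumes a constructed temporary file as a stand-in for a VFIO group node and uses a socketpair inside one process in place of the real service boundary; the names and the "vfio-dev" tag are the example's own.

```python
import os
import socket
import tempfile


def make_stand_in_device():
    """Constructed stand-in for a device node such as a VFIO group file:
    an ordinary temp file with known contents. Only the broker side
    should ever need its path."""
    fd, path = tempfile.mkstemp(prefix="stand-in-vfio-")
    os.write(fd, b"constructed device payload")
    os.close(fd)
    return path


def broker_send_device(path, sock):
    """Privileged broker side: opens the node by path and sends the open
    descriptor over the Unix socket. The receiver gets a duplicate of the
    open file description, never the path or /dev access."""
    fd = os.open(path, os.O_RDWR)
    try:
        socket.send_fds(sock, [b"vfio-dev"], [fd])
    finally:
        os.close(fd)  # broker's copy; the receiver's duplicate stays open


def sandboxed_receive_device(sock):
    """Sandboxed side: receives an already-open descriptor and validates the
    accompanying tag before trusting it."""
    msg, fds, _flags, _addr = socket.recv_fds(sock, 64, 1)
    if msg != b"vfio-dev" or len(fds) != 1:
        for fd in fds:
            os.close(fd)
        raise RuntimeError("unexpected message from broker")
    return fds[0]


def pass_device_fd(path):
    """One broker -> sandbox hand-off over a socketpair. Returns the bytes
    read through the passed fd and whether it refers to the same inode the
    broker opened (the check a test of a run script would make)."""
    broker_end, sandbox_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with broker_end, sandbox_end:
        broker_send_device(path, broker_end)
        fd = sandboxed_receive_device(sandbox_end)
    try:
        data = os.read(fd, 64)
        same_file = os.fstat(fd).st_ino == os.stat(path).st_ino
    finally:
        os.close(fd)
    return data, same_file


def demo():
    """Create the stand-in, perform the hand-off, and clean up."""
    path = make_stand_in_device()
    try:
        return pass_device_fd(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

On a real host the two ends are separate processes: the broker runs outside the sandbox with access to /dev/vfio, and the VMM runs inside a mount namespace that does not contain the device nodes at all, so the received descriptor is its only route to the device. Validating the tag and the descriptor count before use keeps a confused or compromised broker from handing the VMM something other than what it expects.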