From: Demi Marie Obenour
Date: Fri, 05 Dec 2025 10:54:41 -0500
Subject: [PATCH] host/rootfs: Sandbox Weston (almost) for real
Message-Id: <20251205-sandbox-weston-v1-1-c55b2d9cb8d2@gmail.com>
To: Spectrum OS Development
CC: Alyssa Ross, Demi Marie Obenour
List-Id: Patches and low-level development discussion

The "almost" is because of the need for Weston to create /run/user/0/wayland-1. This can be fixed by passing the listening socket into Weston. Also Weston still runs as root and there is no seccomp filtering or MAC.
Signed-off-by: Demi Marie Obenour --- host/rootfs/image/etc/s6-rc/weston/run | 54 ++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run index 251f5da4597a916c4e46a0dfd64cec261d519d23..87579d1bddb4c191dda0c1659f88e74c178d13a1 100644 --- a/host/rootfs/image/etc/s6-rc/weston/run +++ b/host/rootfs/image/etc/s6-rc/weston/run 
@@ -18,5 +18,55 @@ redirfd -r 0 /dev/tty1 importas -i home HOME cd $home if { udevadm wait /dev/dri/card0 } -unshare --cgroup --ipc --net --uts -weston +bwrap + # no --unshare-net, breaks udev hotplug + --unshare-ipc + --unshare-uts + --unshare-cgroup + --cap-add CAP_SYS_TTY_CONFIG + --dev-bind /dev /dev + --bind /run /run + --ro-bind /etc /etc + --ro-bind /nix /nix + --ro-bind /usr /usr + --ro-bind /lib /lib + --ro-bind /bin /bin + --ro-bind /sbin /sbin + # For /run/seatd.sock + --tmpfs /run + # For OpenGL/Vulkan/etc + --ro-bind /run/opengl-driver /run/opengl-driver + # For udev + --ro-bind /run/udev /run/udev + --tmpfs /tmp + --tmpfs /dev/shm + # Filtered /proc (without nasty stuff) + --proc /proc + --ro-bind /proc/sys /proc/sys + --tmpfs /proc/scsi + --remount-ro /proc/scsi + --tmpfs /proc/acpi + --remount-ro /proc/acpi + --tmpfs /proc/fs + --remount-ro /proc/fs + --tmpfs /proc/irq + --remount-ro /proc/irq + --ro-bind /dev/null /proc/timer_list + --ro-bind /dev/null /proc/kcore + --ro-bind /dev/null /proc/kallsyms + --ro-bind /dev/null /proc/sysrq-trigger + --ro-bind /sys /sys + --dev /dev + # GPUs + --dev-bind /dev/dri /dev/dri + # Input devices + --dev-bind /dev/input /dev/input + # Virtual consoles + --dev-bind /dev/tty1 /dev/tty1 + --dev-bind /dev/tty0 /dev/tty0 + # Kernel console + --dev-bind /dev/console /dev/console + # So that Weston can create its listening socket + --bind /run/user/0 /run/user/0 + -- +/usr/bin/weston --- base-commit: 92e219e7c08c479d216a46d2736ea9d229ff034d change-id: 20251205-sandbox-weston-7bb8c5e0b55f -- Sincerely, Demi Marie Obenour (she/her/hers)
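Review bot: The mount order in the new bwrap command line leaves several entries shadowed, and one of them contradicts its own comment. bwrap applies mount options in command-line order, so `--bind /run /run` followed by `--tmpfs /run` means the tmpfs covers the whole bind and only the three later re-binds (`/run/opengl-driver`, `/run/udev`, `/run/user/0`) are visible inside the sandbox; `/run/seatd.sock`, which the comment above `--tmpfs /run` says that line is there for, is not. Either bind the socket explicitly after the tmpfs (for example `--bind /run/seatd.sock /run/seatd.sock`) and drop the whole-/run bind, or move the comment to whatever line actually exposes the socket. The same ordering problem applies to `--dev-bind /dev /dev` and `--tmpfs /dev/shm`, both of which the later `--dev /dev` replaces entirely before the selective `--dev-bind` lines for /dev/dri, /dev/input, the ttys and /dev/console; removing the shadowed lines keeps the effective device exposure obvious to a reader and avoids silently exposing all of the host /dev if someone later reorders the options. Since the diffstat and the commit message both emphasise that this is meant to narrow what Weston can reach, it would also help to state in the script comments that the whole-/run and whole-/dev binds are intentionally absent rather than forgotten.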