From: Demi Marie Obenour
Date: Sat, 06 Dec 2025 05:57:41 -0500
Subject: [PATCH] host/rootfs: Sandbox Cloud Hypervisor
Message-Id: <20251206-b4-sandbox-v1-1-253be8256649@gmail.com>
To: Spectrum OS Development
CC: Alyssa Ross, Demi Marie Obenour

It only needs access to a small number of resources. Unfortunately, it needs access to /dev/vfio right now. This should be fixed by using file descriptor passing instead. Also, Cloud Hypervisor should not run as root.

Cloud Hypervisor needs to be able to lock memory. Running in a user namespace prevents it from using CAP_IPC_LOCK. Therefore, it is necessary to increase RLIMIT_MLOCK before running Cloud Hypervisor. Signed-off-by: Demi Marie Obenour --- host/rootfs/image/usr/bin/run-vmm | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index ba8b59c2677408acdd01c2eda3cf2dd60992d881..24c3d607bfcf6fea6196b61d2941141486d33fd6 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -52,5 +52,36 @@ unexport ! fdmove -c 3 0 redirfd -r 0 /dev/null +s6-softlimit -H -l 18446744073709551615 if { udevadm wait /dev/kvm } -cloud-hypervisor --api-socket fd=3 +bwrap + --unshare-all + --unshare-user + --dev /dev + --dev-bind /dev/kvm /dev/kvm + --dev-bind /dev/vfio /dev/vfio + --tmpfs /dev/shm + --tmpfs /tmp + --tmpfs /var/tmp + --ro-bind /etc /etc + --ro-bind /lib /lib + --ro-bind /nix /nix + --ro-bind /usr /usr + --ro-bind /sys /sys + --bind /run /run + --proc /proc + --ro-bind /proc/sys /proc/sys + --tmpfs /proc/scsi + --remount-ro /proc/scsi + --tmpfs /proc/acpi + --remount-ro /proc/acpi + --tmpfs /proc/fs + --remount-ro /proc/fs + --tmpfs /proc/irq + --remount-ro /proc/irq + --ro-bind /dev/null /proc/timer_list + --ro-bind /dev/null /proc/kcore + --ro-bind /dev/null /proc/kallsyms + --ro-bind /dev/null /proc/sysrq-trigger + -- + cloud-hypervisor --api-socket fd=3 --- base-commit: 92e219e7c08c479d216a46d2736ea9d229ff034d change-id: 20251206-b4-sandbox-9be7e5ed9926 -- Sincerely, Demi Marie Obenour (she/her/hers)
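
Review bot: `--bind /run /run` gives the sandboxed VMM a writable view of the whole of /run, and `--ro-bind /etc /etc` and `--ro-bind /sys /sys` expose those trees in full, which does not match the commit message's "only needs access to a small number of resources". Suggest binding only the specific paths under /run that Cloud Hypervisor actually uses, or adding a comment in run-vmm explaining why the whole directory is required. The commit message calls the /dev/vfio access temporary, so a TODO comment beside `--dev-bind /dev/vfio /dev/vfio` pointing at the planned file descriptor passing would keep that from being forgotten. On the `s6-softlimit -H -l 18446744073709551615` line, the value is 2^64-1, so the locked-memory limit is effectively removed rather than increased. A comment stating that this is intentional, or a bound derived from the guest's memory size, would make the intent reviewable. The commit message also names the limit RLIMIT_MLOCK where the resource is RLIMIT_MEMLOCK.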