Demi Marie Obenour writes:

> This restricts the access of these programs to the system. Seccomp is
> not enabled, though, and the processes still run as root. Full
> sandboxing needs additional work. In particular, Cloud Hypervisor
> should receive access to VFIO devices via file descriptor passing.
>
> Sandboxing Cloud Hypervisor requires the use of sh, as there is no s6
> or execline program to increase hard resource limits.

Yes there is! It's poorly named though — presumably the hard limit
functionality was added later. We now do this in application VMs for
Pipewire:

https://spectrum-os.org/git/spectrum/tree/img/app/image/usr/bin/init?id=decd54105e6a54fee737ea436fcb1642141b337e#n5

> D-Bus and the portal are not sandboxed. They have full access to all
> user files by design, so a breach of either is catastrophic no matter
> what. Furthermore, sandboxing them even slightly proved very
> difficult.
>
> Signed-off-by: Demi Marie Obenour
> ---
> Changes in v2:
> - Sandbox Cloud Hypervisor, virtiofsd, and the router
> - Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251129-sandbox-v1-1-6dab926504d3@gmail.com
>
> ---
> Demi Marie Obenour (4):
>       host/rootfs: Sandbox crosvm
>       host/rootfs: Sandbox router
>       host/rootfs: Sandbox virtiofsd
>       host/rootfs: Sandbox Cloud Hypervisor
>
>  host/rootfs/default.nix                       |  4 +--
>  .../template/data/service/spectrum-router/run | 19 +++++++++++--
>  .../template/data/service/vhost-user-fs/run   | 28 ++++++++++++++++--
>  .../template/data/service/vhost-user-gpu/run  | 24 +++++++++++++++-
>  .../image/etc/udev/rules.d/99-spectrum.rules  |  3 ++
>  host/rootfs/image/usr/bin/run-vmm             | 33 +++++++++++++++++++---
>  6 files changed, 98 insertions(+), 13 deletions(-)
> ---
> base-commit: 44f32b7a4b3cfbb4046447318e6753dd0eb71add
> change-id: 20251129-sandbox-5a42a6a41b59
>
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)