On 12/15/25 07:27, Alyssa Ross wrote:
> This is a legacy interface. I doubt anything in Spectrum depends on
> it. The previous approach of masking it out with Bubblewrap failed on
> aarch64, where it was already disabled in the kernel config.
>
> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
> Signed-off-by: Alyssa Ross
> ---
> This also means the floodgates are now open for any other rootfs kernel
> changes that anybody wants to propose.
I'll start by disabling non-AF_UNIX, non-AF_NETLINK networking!
> host/rootfs/default.nix | 6 +++++-
> .../vm-services/template/data/service/vhost-user-gpu/run | 2 --
> host/rootfs/image/usr/bin/run-vmm | 2 --
> 3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
> index 66aa366..26757ef 100644
> --- a/host/rootfs/default.nix
> +++ b/host/rootfs/default.nix
> @@ -49,7 +49,11 @@ let
> system.stateVersion = trivial.release;
> });
>
> - kernel = linux_latest;
> + kernel = linux_latest.override {
> + structuredExtraConfig = with lib.kernel; {
> + SCSI_PROC_FS = no;
> + };
> + };
>
> appvm = callSpectrumPackage ../../img/app { inherit (foot) terminfo; };
> netvm = callSpectrumPackage ../../vm/sys/net { inherit (foot) terminfo; };
> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
> index e063a82..bdd842e 100755
> --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
> @@ -31,8 +31,6 @@ bwrap
> --disable-userns
> --proc /proc
> --ro-bind /proc/sys /proc/sys
> - --tmpfs /proc/scsi
> - --remount-ro /proc/scsi
> --tmpfs /proc/acpi
> --remount-ro /proc/acpi
> --tmpfs /proc/fs
> diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm
> index e30b14c..d71f7eb 100755
> --- a/host/rootfs/image/usr/bin/run-vmm
> +++ b/host/rootfs/image/usr/bin/run-vmm
> @@ -104,8 +104,6 @@ bwrap
> --bind /run /run
> --proc /proc
> --ro-bind /proc/sys /proc/sys
> - --tmpfs /proc/scsi
> - --remount-ro /proc/scsi
> --tmpfs /proc/acpi
> --remount-ro /proc/acpi
> --tmpfs /proc/fs
Acked-by: Demi Marie Obenour
--
Sincerely, Demi Marie Obenour (she/her/hers)
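Review bot: With the two `/proc/scsi` lines dropped from the vhost-user-gpu/run and run-vmm bwrap invocations, nothing in either script records that hiding /proc/scsi now depends on the rootfs kernel being built with `SCSI_PROC_FS = no`. Both sandboxes still mount a fresh `--proc /proc`, so a kernel built without that override would presumably show /proc/scsi inside them again, with no failure pointing at the cause. I would leave a comment beside the remaining `--tmpfs /proc/acpi` masks, for example `# /proc/scsi is not masked here: the rootfs kernel is built with SCSI_PROC_FS=n (host/rootfs/default.nix)`, and a matching one above the override in default.nix, `# run-vmm and vhost-user-gpu no longer mask /proc/scsi; keep this disabled`. Both bwrap invocations begin and end outside their hunks, so where a comment may legally sit depends on script syntax that is not visible here.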