| commit | 5ad8bc5e08c3fc681affa8a57d01a39a1735d26d | [log] [tgz] |
|---|---|---|
| author | Stephen Barber <smbarber@chromium.org> | Tue Jul 25 17:21:38 2017 -0700 |
| committer | chrome-bot <chrome-bot@chromium.org> | Wed Jul 26 16:46:53 2017 -0700 |
| tree | 4334719fcb2d355e90f04998e90f8c502831c6ef | |
| parent | ce3a3e8f00e2895e61dbbf2a240ac4e4e5f2fea0 [diff] |
io_jail: Add InvalidPath error parse_seccomp_filters in libminijail will unhelpfully abort() if the path doesn't exist. Check that the policy file exists so that there's a semi-useful error message. BUG=none TEST=crosvm run without seccomp policy in current directory; no abort Change-Id: Ie1123e8cae3f6a27bbd5a3128161364401e8d4b2 Signed-off-by: Stephen Barber <smbarber@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/585829 Reviewed-by: Dylan Reid <dgreid@chromium.org>
This component, known as crosvm, runs untrusted operating systems along with virtualized devices. No actual hardware is emulated. This only runs VMs through the Linux's KVM interface. What makes crosvm unique is a focus on safety within the programming language and a sandbox around the virtual devices to protect the kernel from attack in case of an exploit in the devices.
The crosvm source code is organized into crates, each with their own unit tests. These crates are:
kernel_loader Loads elf64 kernel files to a slice of memory.kvm_sys low-level (mostly) auto-generated structures and constants for using KVMkvm unsafe, low-level wrapper code for using kvm_syscrosvm the top-level binary front-end for using crosvmx86_64 Support code specific to 64 bit intel machines.Currently there is no front-end, so the best you can do is run cargo test in each crate.