commit | 61edbbff532fd25951f58a10195e96220d43399a | [log] [tgz] |
---|---|---|
author | Dylan Reid <dgreid@chromium.org> | Fri May 12 16:15:53 2017 -0700 |
committer | chrome-bot <chrome-bot@chromium.org> | Thu Jul 06 21:13:55 2017 -0700 |
tree | 07fa20a0fa34ec5cb7abc14b64d0edc6d5eaa939 | |
parent | f2164a18bf9e58051e5b8bf4c063c19297a77878 [diff] |
crosvm: Put block device process in a minijail Run with the new seccomp filter and drop all capabilities. In addition enter a new user, mount, network, and ipc namespace. Leave the mount namespace empty after pivot-rooting to an empty directory. Change-Id: Iee583cf260ede8ca13f005836684eb80c2c3ac3e Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/515603
This component, known as crosvm, runs untrusted operating systems along with virtualized devices. No actual hardware is emulated. This only runs VMs through the Linux's KVM interface. What makes crosvm unique is a focus on safety within the programming language and a sandbox around the virtual devices to protect the kernel from attack in case of an exploit in the devices.
The crosvm source code is organized into crates, each with their own unit tests. These crates are:
kernel_loader
Loads elf64 kernel files to a slice of memory.kvm_sys
low-level (mostly) auto-generated structures and constants for using KVMkvm
unsafe, low-level wrapper code for using kvm_syscrosvm
the top-level binary front-end for using crosvmx86_64
Support code specific to 64 bit intel machines.Currently there is no front-end, so the best you can do is run cargo test
in each crate.