Architecture
Spectrum is based on the principle of security by compartmentalization.
The high level stack is illustrated in the following diagram:
The default set of virtual machines includes two application VMs, appvm-catgirl (an IRC client) and appvm-lynx (a text-based web browser); and a system VM, netvm (which handles hardware network devices and provides network services to application VMs). Refer to Creating VMs and Running VMs for more information about using VMs in Spectrum.
Architecture Decision Records (ADRs)
Architecturally significant decisions are recorded as lightweight ADRs.
Spectrum Host System
Compartmentalization is implemented using cloud-hypervisor virtual machines. cloud-hypervisor uses Linux’s Kernel-based Virtual Machine (KVM) to provide lightweight, hardware-accelerated VMs.
While Linux (including KVM) is portable between many hardware architectures, cloud-hypervisor supports only x86_64 and aarch64. Spectrum currently only works on x86_64, but aarch64 support is in development.
s6-rc is used for service management. Utilities like kmod, util-linux and busybox are installed for boot and service scripts.
Wayland is used for window management and display. The Wayland architecture is well documented here. The host provides onlya Wayland terminal client, foot, which is used for interacting with VM consoles. In future it will be possible for application VMs to display windows on the single Wayland compositor on the host system, using Wayland virtio-gpu contexts. X11 applications are not currently supported, but could be in future.
All host user space components are built with the musl C library. In comparison to other libc implementations, musl has added safety on resource exhaustion and security hardening on memory allocation. Kernel hardening will be investigated in future.