Diffstat (limited to 'arch/src/lib.rs')
-rw-r--r--arch/src/lib.rs24
1 files changed, 24 insertions, 0 deletions
diff --git a/arch/src/lib.rs b/arch/src/lib.rs
index 8f957a8..361e918 100644
--- a/arch/src/lib.rs
+++ b/arch/src/lib.rs
@@ -26,6 +26,7 @@ use devices::{
 use io_jail::Minijail;
 use kvm::{IoeventAddress, Kvm, Vcpu, Vm};
 use resources::SystemAllocator;
+use servers::{JailedServer, Server};
 use sync::Mutex;
 use sys_util::{syslog, EventFd, GuestAddress, GuestMemory, GuestMemoryError};
 use vm_control::VmIrqRequestSocket;
@@ -83,6 +84,7 @@ pub struct RunnableLinuxVm {
     pub irq_chip: Option<File>,
     pub split_irqchip: Option<(Arc<Mutex<devices::Pic>>, Arc<Mutex<devices::Ioapic>>)>,
     pub gsi_relay: Option<Arc<GsiRelay>>,
+    pub servers: Vec<Box<dyn servers::Server>>,
     pub io_bus: Bus,
     pub mmio_bus: Bus,
     pub pid_debug_label_map: BTreeMap<u32, String>,
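Review bot: The new field is spelled `Vec<Box<dyn servers::Server>>` even though this same commit imports `Server` at the top of the file, and both `ServerStub` and `jail_servers` use the short name. For consistency I would write `pub servers: Vec<Box<dyn Server>>,`. The `RunnableLinuxVm` struct begins and ends outside this hunk, so I cannot tell whether the other fields follow a convention that argues for the qualified path.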
@@ -95,6 +97,12 @@ pub struct VirtioDeviceStub {
     pub jail: Option<Minijail>,
 }
 
+/// The server and optional jail.
+pub struct ServerStub {
+    pub server: Box<dyn Server>,
+    pub jail: Option<Minijail>,
+}
+
 /// Trait which is implemented for each Linux Architecture in order to
 /// set up the memory, cpus, and system devices and to boot the kernel.
 pub trait LinuxArch {
@@ -122,6 +130,7 @@ pub trait LinuxArch {
         ioapic_device_socket: VmIrqRequestSocket,
         serial_parameters: &BTreeMap<(SerialHardware, u8), SerialParameters>,
         serial_jail: Option<Minijail>,
+        servers: Vec<ServerStub>,
         create_devices: F,
     ) -> Result<RunnableLinuxVm, Self::Error>
     where
@@ -201,6 +210,21 @@ impl Display for DeviceRegistrationError {
     }
 }
 
+pub fn jail_servers(servers: Vec<ServerStub>) -> Result<Vec<Box<dyn Server>>, servers::ProxyError> {
+    servers
+        .into_iter()
+        .map(|ServerStub { server, jail }| {
+            if let Some(jail) = jail {
+                let preserved_fds = server.keep_fds();
+                let jailed = JailedServer::jail(server, &jail, preserved_fds)?;
+                Ok(Box::new(jailed) as Box<_>)
+            } else {
+                Ok(server)
+            }
+        })
+        .collect()
+}
+
 /// Creates a root PCI device for use by this Vm.
 pub fn generate_pci_root(
     devices: Vec<(Box<dyn PciDevice>, Option<Minijail>)>,
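Review bot: `jail_servers` is a public function with no doc comment, and its `else` branch at `Ok(server)` returns a stub with `jail: None` unchanged, so that server is never sandboxed and nothing records the fact. I would document the contract, e.g. `/// Wraps each server that carries a jail in a JailedServer; a stub with jail: None is returned as-is and is not sandboxed.`, and consider logging a warning on the unjailed path so a misconfigured stub is visible at startup. The descriptor list passed to `JailedServer::jail` comes from the server's own `keep_fds()`, so every fd it names is presumably inherited into the jail, and each implementation should keep that list minimal. Also, the `?` inside the closure makes `collect()` stop at the first error; whether servers already jailed are then torn down cleanly depends on `JailedServer`'s drop behaviour, which is not visible here.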