diff options
| -rw-r--r-- | developer-manual.adoc | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/developer-manual.adoc b/developer-manual.adoc index 06f8dc1..f96202e 100644 --- a/developer-manual.adoc +++ b/developer-manual.adoc @@ -175,11 +175,24 @@ then not use the Nixpkgs minijail. You would definitely want to do things this if you were going to be hacking on Minijail. **** -You can then build crosvm with cargo build. Due to hardcoded paths to -seccomp policy files, this crosvm will probably not work with -sandboxing enabled, so you'll have to use --disable-sandbox. If you -need to test sandboxing, your best bet is to try to modify the crosvm -Nix derivation to use your modified sources. +You can then build crosvm with cargo build. Spectrum's Nixpkgs +provides a utility program for running a test VM with a custom crosvm +build. It can be used as follows: + +---- +cargo build +nix-shell -I nixpkgs=/path/to/nixpkgs-spectrum \ + -p spectrumPackages.spectrum-vm \ + --run 'spectrum-vm -C target/debug/crosvm -- --disable-sandbox' +---- + +`--disable-sandbox` is required because crosvm has hardcoded paths to +seccomp policy files. If you need to test sandboxing, your best bet +is to try to modify the crosvm Nix derivation to use your modified +sources. There's an http://crbug.com/1052126[upstream crosvm bug] to +compile the policy files into the crosvm binary so paths don't have to +be hardcoded. + === Sommelier |