* [RFC PATCH nixpkgs 0/4] Wayland security-context support
@ 2022-09-30 19:45 Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 1/4] cloud-hypervisor: workaround keymap mmap Puck Meerburg
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Puck Meerburg @ 2022-09-30 19:45 UTC (permalink / raw)
To: devel; +Cc: Puck Meerburg
NOTE: These patches are designed to apply on top of the previous
Wayland support series at [1].
This series contains the patches necessary to build the demo repository
for Wayland security-context[2] support. As the Spectrum support for
Wayland is also very WIP, and uses a different WM than the one I was
focused on (Weston versus sway), it's not yet integrated with Spectrum
itself. Of course, my decision to use Sway in this demo isn't setting
Spectrum's own window manager in stone; the hope is this protocol gets
implemented into as many compositors (and sandboxes) as possible :)
To try out the demo, see [3] for the repository and instructions.
A few of these patches (wlroots, sway) have been sent upstream
already[4][5]. The crosvm patches need a tiny bit of work before I'm
completely confident sending them upstream.
One major issue that is worked around but not entirely solved is a bit
of a mystery to me: After a short amount of messages, the virtio-gpu
driver stops sending and receiving Wayland messages. As far as I can
tell, this is likely a quirk of running crosvm with only cross-domain
enabled, but one I haven't been able to delve into the Linux source
code for to figure out how to properly solve.
[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.1583791-1-alyssa.ross@unikie.com/
[2]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
[3]: https://puck.moe/git/security-context-demo
[4]: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
[5]: https://github.com/swaywm/sway/pull/7187
Puck Meerburg (4):
cloud-hypervisor: workaround keymap mmap
wlroots: apply security-context patches
sway: apply security-context patches
crosvm: apply security-context patches
...ry-mapping-shared-memory-as-RO-if-RW.patch | 57 ++++++++
.../cloud-hypervisor/default.nix | 1 +
.../virtualization/crosvm/default.nix | 10 +-
.../window-managers/sway/default.nix | 22 +++
pkgs/development/libraries/wlroots/0.15.nix | 20 ++-
.../libraries/wlroots/security-context-v1.xml | 131 ++++++++++++++++++
6 files changed, 235 insertions(+), 6 deletions(-)
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
create mode 100644 pkgs/development/libraries/wlroots/security-context-v1.xml
--
2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFC PATCH nixpkgs 1/4] cloud-hypervisor: workaround keymap mmap
2022-09-30 19:45 [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
@ 2022-09-30 19:45 ` Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 2/4] wlroots: apply security-context patches Puck Meerburg
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Puck Meerburg @ 2022-09-30 19:45 UTC (permalink / raw)
To: devel; +Cc: Puck Meerburg
See the commit message in the patch.
Signed-off-by: Puck Meerburg <puck@puckipedia.com>
---
...ry-mapping-shared-memory-as-RO-if-RW.patch | 57 +++++++++++++++++++
.../cloud-hypervisor/default.nix | 1 +
2 files changed, 58 insertions(+)
create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
diff --git a/pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch b/pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
new file mode 100644
index 00000000000..e67d338af58
--- /dev/null
+++ b/pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
@@ -0,0 +1,57 @@
+From 165787d5cb1969fe855b8fa96d964efeefb96d94 Mon Sep 17 00:00:00 2001
+From: Puck Meerburg <puck@puckipedia.com>
+Date: Fri, 30 Sep 2022 14:10:27 +0000
+Subject: [PATCH 4/4] virtio-devices: try mapping shared memory as RO if RW
+ fails
+
+wlroots' keymaps are read-only, and crosvm does not properly handle
+this, causing cloud-hypervisor to crash. Work around this for now by
+retrying any mmap as read-only if read-write mapping fails.
+---
+ virtio-devices/src/vhost_user/gpu.rs | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/virtio-devices/src/vhost_user/gpu.rs b/virtio-devices/src/vhost_user/gpu.rs
+index b0a9ee7c..2eb18445 100644
+--- a/virtio-devices/src/vhost_user/gpu.rs
++++ b/virtio-devices/src/vhost_user/gpu.rs
+@@ -1,5 +1,6 @@
+ // Copyright 2019 Intel Corporation. All Rights Reserved.
+ // Copyright 2022 Unikie
++// Copyright 2022 Puck Meerburg
+ // SPDX-License-Identifier: Apache-2.0
+
+ use crate::seccomp_filters::Thread;
+@@ -59,7 +60,7 @@ impl VhostUserMasterReqHandler for SlaveReqHandler {
+ }
+
+ let addr = self.mmap_cache_addr + req.shm_offset;
+- let ret = unsafe {
++ let mut ret = unsafe {
+ libc::mmap(
+ addr as *mut libc::c_void,
+ req.len as usize,
+@@ -69,6 +70,20 @@ impl VhostUserMasterReqHandler for SlaveReqHandler {
+ req.fd_offset as libc::off_t,
+ )
+ };
++
++ if ret == libc::MAP_FAILED {
++ ret = unsafe {
++ libc::mmap(
++ addr as *mut libc::c_void,
++ req.len as usize,
++ (req.flags.bits() as i32) & !libc::PROT_WRITE,
++ libc::MAP_SHARED | libc::MAP_FIXED,
++ fd.as_raw_fd(),
++ req.fd_offset as libc::off_t,
++ )
++ };
++ }
++
+ if ret == libc::MAP_FAILED {
+ return Err(io::Error::last_os_error());
+ }
+--
+2.35.1
+
diff --git a/pkgs/applications/virtualization/cloud-hypervisor/default.nix b/pkgs/applications/virtualization/cloud-hypervisor/default.nix
index d4fc8d46265..17e344e67e8 100644
--- a/pkgs/applications/virtualization/cloud-hypervisor/default.nix
+++ b/pkgs/applications/virtualization/cloud-hypervisor/default.nix
@@ -39,6 +39,7 @@ rustPlatform.buildRustPackage rec {
./0001-build-use-local-vhost.patch
./0002-build-use-local-virtio-bindings.patch
./0003-virtio-devices-add-a-vhost-user-gpu-device.patch
+ ./0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
];
vhostPatches = [
--
2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFC PATCH nixpkgs 2/4] wlroots: apply security-context patches
2022-09-30 19:45 [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 1/4] cloud-hypervisor: workaround keymap mmap Puck Meerburg
@ 2022-09-30 19:45 ` Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 3/4] sway: " Puck Meerburg
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Puck Meerburg @ 2022-09-30 19:45 UTC (permalink / raw)
To: devel; +Cc: Puck Meerburg
Signed-off-by: Puck Meerburg <puck@puckipedia.com>
---
pkgs/development/libraries/wlroots/0.15.nix | 20 ++-
.../libraries/wlroots/security-context-v1.xml | 131 ++++++++++++++++++
2 files changed, 150 insertions(+), 1 deletion(-)
create mode 100644 pkgs/development/libraries/wlroots/security-context-v1.xml
diff --git a/pkgs/development/libraries/wlroots/0.15.nix b/pkgs/development/libraries/wlroots/0.15.nix
index 7648ebe5d25..441f2991218 100644
--- a/pkgs/development/libraries/wlroots/0.15.nix
+++ b/pkgs/development/libraries/wlroots/0.15.nix
@@ -2,7 +2,7 @@
, libGL, wayland, wayland-protocols, libinput, libxkbcommon, pixman
, xcbutilwm, libX11, libcap, xcbutilimage, xcbutilerrors, mesa
, libpng, ffmpeg_4, xcbutilrenderutil, seatd, vulkan-loader, glslang
-, nixosTests
+, nixosTests, fetchpatch
, enableXWayland ? true, xwayland ? null
}:
@@ -39,6 +39,24 @@ stdenv.mkDerivation rec {
lib.optional (!enableXWayland) "-Dxwayland=disabled"
;
+ patches = [
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/puckipedia/wlroots/-/commit/1f2cd76e27f19d268dec60b72e2bfdcb13cff660.patch";
+ sha256 = "sha256-18/v/TTRrnDDzrGJ4ZqCsnH+wsFuAJMvgBDS+JqAjoU=";
+ })
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/puckipedia/wlroots/-/commit/193e7dc6bb02ca379dc7d26ef407b8216e1fb503.patch";
+ sha256 = "sha256-Z+Hi+DBVH/m1MABTzlxMLUuWMe5BFg++J9UP1mxs4z8=";
+ })
+ ];
+
+ # Add the protocol here instead of in wayland-protocols for recompilation reasons
+ postPatch = ''
+ cp ${./security-context-v1.xml} protocol/security-context-v1.xml
+ substituteInPlace protocol/meson.build \
+ --replace "wl_protocol_dir / 'staging/security-context/" "'"
+ '';
+
postFixup = ''
# Install ALL example programs to $examples:
# screencopy dmabuf-capture input-inhibitor layer-shell idle-inhibit idle
diff --git a/pkgs/development/libraries/wlroots/security-context-v1.xml b/pkgs/development/libraries/wlroots/security-context-v1.xml
new file mode 100644
index 00000000000..073c0d07585
--- /dev/null
+++ b/pkgs/development/libraries/wlroots/security-context-v1.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<protocol name="security_context_v1">
+ <copyright>
+ Copyright © 2021 Simon Ser
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice (including the next
+ paragraph) shall be included in all copies or substantial portions of the
+ Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+ </copyright>
+
+ <interface name="wp_security_context_manager_v1" version="1">
+ <description summary="client security context manager">
+ This interface allows a client to register a new Wayland connection to
+ the compositor and attach a security context to it.
+
+ This is intended to be used by sandboxes. Sandbox engines attach a
+ security context to all connections coming from inside the sandbox. The
+ compositor can then restrict the features that the sandboxed connections
+ can use.
+
+ Warning! The protocol described in this file is experimental and
+ backward incompatible changes may be made. Backward compatible changes
+ may be added together with the corresponding interface version bump.
+ Backward incompatible changes are done by bumping the version number in
+ the protocol and interface names and resetting the interface version.
+ Once the protocol is to be declared stable, the 'z' prefix and the
+ version number in the protocol and interface names are removed and the
+ interface version number is reset.
+ </description>
+
+ <enum name="error">
+ <entry name="invalid_listen_fd" value="1"
+ summary="listening socket FD is invalid"/>
+ </enum>
+
+ <request name="destroy" type="destructor">
+ <description summary="destroy the manager object">
+ Destroy the manager. This doesn't destroy objects created with the
+ manager.
+ </description>
+ </request>
+
+ <request name="create_listener">
+ <description summary="create a new security context">
+ Creates a new security context with a socket listening FD.
+
+ The compositor will accept new client connections on listen_fd.
+ listen_fd must be ready to accept new connections when this request is
+ sent by the client. In other words, the client must call bind(2) and
+ listen(2) before sending the FD.
+
+ close_fd is a FD closed by the client when the compositor should stop
+ accepting new connections on listen_fd.
+
+ The compositor must continue to accept connections on listen_fd when
+ the Wayland client which created the security context disconnects.
+ </description>
+ <arg name="id" type="new_id" interface="wp_security_context_v1"/>
+ <arg name="listen_fd" type="fd" summary="listening socket FD"/>
+ <arg name="close_fd" type="fd" summary="FD closed when done"/>
+ </request>
+ </interface>
+
+ <interface name="wp_security_context_v1" version="1">
+ <description summary="client security context">
+ The security context allows a client to register a new client and attach
+ security context metadata to the connections.
+
+ When both are set, the application ID and the sandbox engine must
+ uniquely identify an application.
+ </description>
+
+ <enum name="error">
+ <entry name="already_used" value="1"
+ summary="security context has already been committed"/>
+ <entry name="already_set" value="2"
+ summary="metadata has already been set"/>
+ </enum>
+
+ <request name="destroy" type="destructor">
+ <description summary="destroy the security context object">
+ Destroy the security context object.
+ </description>
+ </request>
+
+ <request name="set_sandbox_engine">
+ <description summary="set the sandbox engine">
+ Attach a unique sandbox engine name to the security context.
+
+ It is a protocol error to call this request twice. The already_set
+ error is sent in this case.
+ </description>
+ <arg name="name" type="string" summary="the sandbox engine name"/>
+ </request>
+
+ <request name="set_app_id">
+ <description summary="set the application ID">
+ Attach an application ID to the security context.
+
+ It is a protocol error to call this request twice. The already_set
+ error is sent in this case.
+ </description>
+ <arg name="app_id" type="string" summary="the application ID"/>
+ </request>
+
+ <request name="commit">
+ <description summary="register the security context">
+ Atomically register the new client and attach the security context
+ metadata.
+
+ It's a protocol error to send any request other than "destroy" after
+ this request. In this case, the already_used error is sent.
+ </description>
+ </request>
+ </interface>
+</protocol>
--
2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFC PATCH nixpkgs 3/4] sway: apply security-context patches
2022-09-30 19:45 [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 1/4] cloud-hypervisor: workaround keymap mmap Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 2/4] wlroots: apply security-context patches Puck Meerburg
@ 2022-09-30 19:45 ` Puck Meerburg
2022-09-30 19:46 ` [RFC PATCH nixpkgs 4/4] crosvm: " Puck Meerburg
2022-09-30 22:08 ` [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
4 siblings, 0 replies; 6+ messages in thread
From: Puck Meerburg @ 2022-09-30 19:45 UTC (permalink / raw)
To: devel; +Cc: Puck Meerburg
Signed-off-by: Puck Meerburg <puck@puckipedia.com>
---
.../window-managers/sway/default.nix | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/pkgs/applications/window-managers/sway/default.nix b/pkgs/applications/window-managers/sway/default.nix
index 61925e4ed0b..43d107b11b5 100644
--- a/pkgs/applications/window-managers/sway/default.nix
+++ b/pkgs/applications/window-managers/sway/default.nix
@@ -4,6 +4,7 @@
, pango, cairo, libinput, libcap, pam, gdk-pixbuf, librsvg
, wlroots, wayland-protocols, libdrm
, nixosTests
+, fetchpatch
# Used by the NixOS module:
, isNixOS ? false
@@ -39,6 +40,27 @@ stdenv.mkDerivation rec {
src = ./fix-paths.patch;
inherit swaybg;
})
+
+ (fetchpatch {
+ url = "https://github.com/puckipedia/sway/commit/6b45b7dbc03f5f0184ab0f45d36690df1cc869bd.patch";
+ sha256 = "sha256-LxW+02eTsm/XeKCwhyQfF6FlVVBsdTsybJi7nM4vahI=";
+ })
+ (fetchpatch {
+ url = "https://github.com/puckipedia/sway/commit/f7733c0444b9cc55fbbce20259db4fc97168827a.patch";
+ sha256 = "sha256-+Dsbfwh6+a6j+srMszisRTSsM6U99iG+4eHIz01qGkQ=";
+ })
+ (fetchpatch {
+ url = "https://github.com/puckipedia/sway/commit/683caa484c993d8d46c703f1d18beb2000f6a302.patch";
+ sha256 = "sha256-zTXAveiTfIDp96GmuKx+lWpGTjNexGOCzLxfgKEt8KQ=";
+ })
+ (fetchpatch {
+ url = "https://github.com/puckipedia/sway/commit/2e769c16e69eedd410372c37bf2492d982689488.patch";
+ sha256 = "sha256-4Ap9C9bKqaYxbkYB0pBkywqvsYyYTf3wUYgKClfEkRE=";
+ })
+ (fetchpatch {
+ url = "https://github.com/puckipedia/sway/commit/4ec88a243661f0cf53ede8d354b533a57cfe2208.patch";
+ sha256 = "sha256-g9Ua8RdHzEVgw+KbnJkzHvSD2HVOybpOdPhUw3cCPyY=";
+ })
] ++ lib.optionals (!isNixOS) [
# References to /nix/store/... will get GC'ed which causes problems when
# copying the default configuration:
--
2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFC PATCH nixpkgs 4/4] crosvm: apply security-context patches
2022-09-30 19:45 [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
` (2 preceding siblings ...)
2022-09-30 19:45 ` [RFC PATCH nixpkgs 3/4] sway: " Puck Meerburg
@ 2022-09-30 19:46 ` Puck Meerburg
2022-09-30 22:08 ` [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
4 siblings, 0 replies; 6+ messages in thread
From: Puck Meerburg @ 2022-09-30 19:46 UTC (permalink / raw)
To: devel; +Cc: Puck Meerburg
These patches are available as a separate repo, as buildRustPackage
does not like patching entirely new modules into the source tree.
Signed-off-by: Puck Meerburg <puck@puckipedia.com>
---
pkgs/applications/virtualization/crosvm/default.nix | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix
index 40e30dcd819..3660413a281 100644
--- a/pkgs/applications/virtualization/crosvm/default.nix
+++ b/pkgs/applications/virtualization/crosvm/default.nix
@@ -5,12 +5,12 @@
rustPlatform.buildRustPackage rec {
pname = "crosvm";
- version = "106.2";
+ version = "106.2-security-context";
src = fetchgit {
- url = "https://chromium.googlesource.com/chromiumos/platform/crosvm";
- rev = "d58d398581724e81ce57a8dfaeef62c175c06552";
- sha256 = "huZELmB1oH5RyasmpEXIcJ/mB4fi6fMofj1N01COeI8=";
+ url = "https://puck.moe/git/crosvm";
+ rev = "eb1a080dd8432ea7ad400816388d67a5d64081e4";
+ sha256 = "sha256-iExgWO1/PBCWvzV+5Z6UrKxOsHaFED9GcGQGc4rVJw0=";
fetchSubmodules = true;
};
@@ -24,7 +24,7 @@ rustPlatform.buildRustPackage rec {
./devices-vhost_user-loosen-expected-message-order.patch
];
- cargoSha256 = "18mj0zc6yfwyrw6v1vl089dhh04kv2pzb99bygnn8nymdlx4fjqa";
+ cargoSha256 = "1fasy7l8ia53739wzz4cgbphn7h4gv1rfz0syqbl4kfl6hy0p1vb";
nativeBuildInputs = [ minijail-tools pkg-config protobuf wayland-scanner ];
--
2.35.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH nixpkgs 0/4] Wayland security-context support
2022-09-30 19:45 [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
` (3 preceding siblings ...)
2022-09-30 19:46 ` [RFC PATCH nixpkgs 4/4] crosvm: " Puck Meerburg
@ 2022-09-30 22:08 ` Puck Meerburg
4 siblings, 0 replies; 6+ messages in thread
From: Puck Meerburg @ 2022-09-30 22:08 UTC (permalink / raw)
To: devel
Also, a video showcasing the security-context demo is available at the
following URIs:
- https://diode.zone/w/2n3kKNNjXFkSWUwyjT3hgt (with subtitles!)
- magnet:?xt=urn:btih:f340dfd391be0cabbb0638eb8af6659214c5d821&dn=puck%27s%20video%20720p.mp4&tr=https%3A%2F%2Fdiode.zone%2Ftracker%2Fannounce&ws=https%3A%2F%2Fdiode.zone%2Fstatic%2Fstreaming-playlists%2Fhls%2F0b093345-a100-4051-b4c3-37292af48c81%2F176adb94-167a-4cb7-b954-a09b301c4d80-720-fragmented.mp4
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-09-30 22:09 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-30 19:45 [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 1/4] cloud-hypervisor: workaround keymap mmap Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 2/4] wlroots: apply security-context patches Puck Meerburg
2022-09-30 19:45 ` [RFC PATCH nixpkgs 3/4] sway: " Puck Meerburg
2022-09-30 19:46 ` [RFC PATCH nixpkgs 4/4] crosvm: " Puck Meerburg
2022-09-30 22:08 ` [RFC PATCH nixpkgs 0/4] Wayland security-context support Puck Meerburg
Code repositories for project(s) associated with this public inbox
https://spectrum-os.org/git/crosvm
https://spectrum-os.org/git/doc
https://spectrum-os.org/git/mktuntap
https://spectrum-os.org/git/nixpkgs
https://spectrum-os.org/git/spectrum
https://spectrum-os.org/git/ucspi-vsock
https://spectrum-os.org/git/www
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).