* [PATCH 1/2] Enables forwarding Wayland from appVM to host with waypipe
@ 2022-12-04 22:45 vadim likholetov
2022-12-04 22:45 ` [PATCH 2/2] Firefox appVM patches and appVM refactoring vadim likholetov
From: vadim likholetov @ 2022-12-04 22:45 UTC (permalink / raw)
To: devel; +Cc: vadim likholetov
Signed-off-by: vadim likholetov <vadim.likholetov@unikie.com>
---
host/initramfs/extfs.nix | 4 +++-
host/rootfs/Makefile | 1 +
host/rootfs/default.nix | 4 ++--
host/rootfs/usr/bin/vm-start-way | 10 ++++++++++
img/app/default.nix | 3 +++
vm/app/hello-waypipe.nix | 23 +++++++++++++++++++++++
6 files changed, 42 insertions(+), 3 deletions(-)
create mode 100755 host/rootfs/usr/bin/vm-start-way
create mode 100644 vm/app/hello-waypipe.nix
diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix
index 5c5850f..f49e519 100644
--- a/host/initramfs/extfs.nix
+++ b/host/initramfs/extfs.nix
@@ -11,12 +11,13 @@ let
appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; };
appvm-lynx = import ../../vm/app/lynx.nix { inherit config; };
+ appvm-hello-waypipe = import ../../vm/app/hello-waypipe.nix { inherit config; };
in
runCommand "ext.ext4" {
nativeBuildInputs = [ e2fsprogs ];
} ''
- mkdir -p root/svc/data/appvm-{catgirl,lynx}
+ mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe}
cd root
tar -C ${netvm} -c data | tar -C svc -x
@@ -24,6 +25,7 @@ runCommand "ext.ext4" {
tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x
tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x
+ tar -C ${appvm-hello-waypipe} -c . | tar -C svc/data/appvm-hello-waypipe -x
mkfs.ext4 -d . $out 16T
resize2fs -M $out
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 9559c06..06e3e8e 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -39,6 +39,7 @@ FILES = \
usr/bin/lsvm \
usr/bin/vm-console \
usr/bin/vm-start \
+ usr/bin/vm-start-way \
usr/bin/vm-stop
DIRS = dev etc/s6-linux-init/env ext run proc sys
diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index 0a84f55..de4a6b6 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -7,7 +7,7 @@ pkgs.pkgsStatic.callPackage (
{ lib, stdenvNoCC, nixos, runCommand, writeReferencesToFile, s6-rc, tar2ext4
, busybox, cloud-hypervisor, cryptsetup, execline, e2fsprogs, jq, kmod
-, mdevd, s6, s6-linux-init, socat, util-linuxMinimal, xorg
+, mdevd, s6, s6-linux-init, socat, util-linuxMinimal, xorg, waypipe
}:
let
@@ -49,7 +49,7 @@ let
packages = [
cloud-hypervisor e2fsprogs execline jq kmod mdevd s6 s6-linux-init s6-rc
- socat start-vm
+ socat start-vm waypipe
(cryptsetup.override {
programs = {
diff --git a/host/rootfs/usr/bin/vm-start-way b/host/rootfs/usr/bin/vm-start-way
new file mode 100755
index 0000000..bda9934
--- /dev/null
+++ b/host/rootfs/usr/bin/vm-start-way
@@ -0,0 +1,10 @@
+#!/bin/sh
+# SPDX-License-Identifier: EUPL-1.2+
+
+s6-rc -bu change ext-rc
+s6-rc -l /run/s6-rc.ext -u change $1
+ch-remote --api-socket /run/service/ext-${1}/env/cloud-hypervisor.sock add-vsock cid=4,socket=/run/u.${1}.socket
+cd /run
+nohup waypipe --socket /run/waypipe.sock client &
+nohup socat unix-listen:/run/u.${1}.socket_5000,reuseaddr,fork unix-connect:/run/waypipe.sock &
+
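Review bot: `$1` is used unquoted and unchecked in the `s6-rc` call, the `ch-remote` socket paths and the socat listener, so an empty or whitespace-containing argument yields wrong paths instead of an error. Start with `[ -n "$1" ] || exit 1` and write `"$1"` and `"/run/u.$1.socket"` throughout. `/run/waypipe.sock` is a fixed path, so a second VM started through this script would presumably collide with or share the first VM's host-side `waypipe client`; a per-VM socket path keeps the display channels apart. The two `nohup … &` processes run outside s6 supervision, and the host-side waypipe parses data sent by the guest, so it is worth running it as an unprivileged, supervised service rather than with the caller's privileges.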
diff --git a/img/app/default.nix b/img/app/default.nix
index e7d5366..80f23c2 100644
--- a/img/app/default.nix
+++ b/img/app/default.nix
@@ -59,6 +59,9 @@ let
DRM_BOCHS = yes;
DRM = yes;
AGP = yes;
+ VSOCKETS = yes;
+ VIRTIO_VSOCKETS = yes;
+ VIRTIO_VSOCKETS_COMMON = yes;
};
};
in
diff --git a/vm/app/hello-waypipe.nix b/vm/app/hello-waypipe.nix
new file mode 100644
index 0000000..601b638
--- /dev/null
+++ b/vm/app/hello-waypipe.nix
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2021-2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../../nix/eval-config.nix {} }:
+
+import ../make-vm.nix { inherit config; } {
+ providers.net = [ "netvm" ];
+ run = config.pkgs.callPackage (
+ { writeScript, waypipe, havoc, foot, hello-wayland, socat}:
+ writeScript "run-waypipe-app" ''
+ #!/bin/sh
+ mkdir /run/0
+ export XDG_RUNTIME_DIR=/run/0
+ ${socat}/bin/socat unix-listen:/run/waypipe.sock,reuseaddr,fork vsock-connect:2:5000 &
+ sleep 1
+ ${waypipe}/bin/waypipe --display wayland-local --socket /run/waypipe.sock server -- sleep inf &
+ export WAYLAND_DISPLAY=wayland-local
+ ${havoc}/bin/havoc
+ ${hello-wayland}/bin/hello-wayland
+ ${foot}/bin/foot
+ ''
+ ) { };
+}
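Review bot: `mkdir /run/0` creates the directory used as `XDG_RUNTIME_DIR` with default permissions and fails if it already exists; `mkdir -m 0700 -p /run/0` gives the owner-only mode that a runtime directory is expected to have. The `sleep 1` before `waypipe … server` only guesses that socat is already listening; `until [ -S /run/waypipe.sock ]; do sleep 1; done` waits for the socket itself. The same two lines reappear in `run-as-user` in vm/app/firefox.nix in patch 2/2.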
--
2.36.2
* [PATCH 2/2] Firefox appVM patches and appVM refactoring
2022-12-04 22:45 [PATCH 1/2] Enables forwarding Wayland from appVM to host with waypipe vadim likholetov
@ 2022-12-04 22:45 ` vadim likholetov
From: vadim likholetov @ 2022-12-04 22:45 UTC (permalink / raw)
To: devel; +Cc: vadim likholetov
Signed-off-by: vadim likholetov <vadim.likholetov@unikie.com>
---
host/initramfs/extfs.nix | 4 ++-
host/rootfs/Makefile | 2 +-
host/start-vm/lib.rs | 2 +-
img/app/Makefile | 3 +++
img/app/default.nix | 4 +--
img/app/etc/group | 3 +++
img/app/etc/mdev/iface | 5 +++-
img/app/etc/passwd | 1 +
img/app/etc/s6-linux-init/scripts/rc.init | 2 ++
img/app/etc/s6-rc/app/run | 5 ++--
img/app/etc/s6-rc/user-app/run | 19 ++++++++++++++
img/app/etc/s6-rc/user-app/type | 1 +
img/app/etc/s6-rc/user-app/type.license | 2 ++
vm-lib/make-vm.nix | 7 ++---
vm/app/catgirl.nix | 11 +++++++-
vm/app/firefox.nix | 31 +++++++++++++++++++++++
vm/app/hello-waypipe.nix | 12 ++++++---
vm/app/lynx.nix | 10 ++++++++
18 files changed, 109 insertions(+), 15 deletions(-)
create mode 100644 img/app/etc/group
create mode 100755 img/app/etc/s6-rc/user-app/run
create mode 100644 img/app/etc/s6-rc/user-app/type
create mode 100644 img/app/etc/s6-rc/user-app/type.license
create mode 100644 vm/app/firefox.nix
diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix
index f49e519..917abe2 100644
--- a/host/initramfs/extfs.nix
+++ b/host/initramfs/extfs.nix
@@ -12,12 +12,13 @@ let
appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; };
appvm-lynx = import ../../vm/app/lynx.nix { inherit config; };
appvm-hello-waypipe = import ../../vm/app/hello-waypipe.nix { inherit config; };
+ appvm-firefox = import ../../vm/app/firefox.nix { inherit config; };
in
runCommand "ext.ext4" {
nativeBuildInputs = [ e2fsprogs ];
} ''
- mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe}
+ mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe,firefox}
cd root
tar -C ${netvm} -c data | tar -C svc -x
@@ -26,6 +27,7 @@ runCommand "ext.ext4" {
tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x
tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x
tar -C ${appvm-hello-waypipe} -c . | tar -C svc/data/appvm-hello-waypipe -x
+ tar -C ${appvm-firefox} -c . | tar -C svc/data/appvm-firefox -x
mkfs.ext4 -d . $out 16T
resize2fs -M $out
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 06e3e8e..a228d5e 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -148,7 +148,7 @@ run: build/live.img $(EXT_FS) build/rootfs.verity.roothash
exec 3<>"$$ext" && \
rm -f "$$ext" && \
truncate -s +10G /proc/self/fd/3 && \
- exec $(QEMU_KVM) -cpu host -m 2G \
+ exec $(QEMU_KVM) -cpu host -m 4G \
-machine q35,kernel=$(KERNEL),kernel-irqchip=split,initrd=$(INITRAMFS) \
-display gtk,gl=on \
-qmp unix:vmm.sock,server,nowait \
diff --git a/host/start-vm/lib.rs b/host/start-vm/lib.rs
index ef79091..7a89506 100644
--- a/host/start-vm/lib.rs
+++ b/host/start-vm/lib.rs
@@ -44,7 +44,7 @@ pub fn vm_command(dir: PathBuf, config_root: &Path) -> Result<Command, String> {
command.arg("cloud-hypervisor");
command.args(&["--api-socket", "env/cloud-hypervisor.sock"]);
command.args(&["--cmdline", "console=ttyS0 root=PARTLABEL=root"]);
- command.args(&["--memory", "size=128M"]);
+ command.args(&["--memory", "size=512M"]);
command.args(&["--console", "pty"]);
command.arg("--kernel");
command.arg(config_dir.join("vmlinux"));
diff --git a/img/app/Makefile b/img/app/Makefile
index c5a4684..0a15aaa 100644
--- a/img/app/Makefile
+++ b/img/app/Makefile
@@ -48,6 +48,7 @@ VM_FILES = \
etc/mdev.conf \
etc/mdev/iface \
etc/passwd \
+ etc/group \
etc/resolv.conf \
etc/s6-linux-init/scripts/rc.init
VM_DIRS = dev run proc sys \
@@ -76,6 +77,8 @@ build/rootfs.tar: build/empty $(PACKAGES_TAR) $(VM_FILES) $(VM_BUILD_FILES)
VM_S6_RC_FILES = \
etc/s6-rc/app/run \
etc/s6-rc/app/type \
+ etc/s6-rc/user-app/run \
+ etc/s6-rc/user-app/type \
etc/s6-rc/mdevd-coldplug/dependencies \
etc/s6-rc/mdevd-coldplug/type \
etc/s6-rc/mdevd-coldplug/up \
diff --git a/img/app/default.nix b/img/app/default.nix
index 80f23c2..29abf93 100644
--- a/img/app/default.nix
+++ b/img/app/default.nix
@@ -9,7 +9,7 @@ config.pkgs.pkgsStatic.callPackage (
{ lib, stdenvNoCC, runCommand, writeReferencesToFile, buildPackages
, jq, s6-rc, tar2ext4, util-linux
-, busybox, cacert, execline, kmod, mdevd, s6, s6-linux-init
+, busybox, cacert, execline, kmod, mdevd, s6, s6-linux-init, tmux
}:
let
@@ -18,7 +18,7 @@ let
scripts = import ../../scripts { inherit config; };
packages = [
- execline kmod mdevd s6 s6-linux-init s6-rc
+ execline kmod mdevd s6 s6-linux-init s6-rc tmux
(busybox.override {
extraConfig = ''
diff --git a/img/app/etc/group b/img/app/etc/group
new file mode 100644
index 0000000..5a5c9a5
--- /dev/null
+++ b/img/app/etc/group
@@ -0,0 +1,3 @@
+root:x:0:
+tty:x:4:user
+user:x:1000:user
diff --git a/img/app/etc/mdev/iface b/img/app/etc/mdev/iface
index d8ceda5..1aac8a8 100755
--- a/img/app/etc/mdev/iface
+++ b/img/app/etc/mdev/iface
@@ -33,4 +33,7 @@ foreground {
}
}
-s6-rc -u change app
+# fix permissions
+foreground { chmod a+rw /dev/null }
+
+s6-rc -u change app user-app
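Review bot: `chmod a+rw /dev/null` sits in the network-interface hotplug handler, so the device only becomes usable by the new unprivileged account once an interface appears, and `# fix permissions` does not say what was wrong. Setting the mode where the node is created, presumably through a rule in etc/mdev.conf, would apply from boot and keep this script about interfaces. If the chmod stays here, the comment should name the reason, namely that processes running as uid 1000 need /dev/null. The script begins outside the hunk.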
diff --git a/img/app/etc/passwd b/img/app/etc/passwd
index 29f3b25..1bec4cd 100644
--- a/img/app/etc/passwd
+++ b/img/app/etc/passwd
@@ -1 +1,2 @@
root:x:0:0:System administrator:/:/bin/sh
+user:x:1000:1000:Usual user:/run/home/user/:/bin/sh
diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s6-linux-init/scripts/rc.init
index b46afb7..05e4bb3 100755
--- a/img/app/etc/s6-linux-init/scripts/rc.init
+++ b/img/app/etc/s6-linux-init/scripts/rc.init
@@ -7,5 +7,7 @@ if { s6-rc-init -c /etc/s6-rc /run/service }
if { mkdir -p /dev/pts /dev/shm }
if { modprobe overlay }
if { mount -a }
+if { mkdir -p /run/home/user }
+if { chown 1000:1000 /run/home/user }
s6-rc change ok-all
diff --git a/img/app/etc/s6-rc/app/run b/img/app/etc/s6-rc/app/run
index 2a628b7..8166111 100755
--- a/img/app/etc/s6-rc/app/run
+++ b/img/app/etc/s6-rc/app/run
@@ -5,6 +5,7 @@
export TERM foot
export TERMINFO_DIRS /usr/share/terminfo
export TMPDIR /run
+export TMUX_TMPDIR /run
backtick USER { id -un }
backtick HOME {
@@ -22,5 +23,5 @@ fdmove -c 2 0
foreground { clear }
unexport ?
-foreground { /run/ext/run }
-exec -l sh
+foreground { tmux new sh -c "/run/ext/run" }
+tmux new /bin/sh
diff --git a/img/app/etc/s6-rc/user-app/run b/img/app/etc/s6-rc/user-app/run
new file mode 100755
index 0000000..e0b124c
--- /dev/null
+++ b/img/app/etc/s6-rc/user-app/run
@@ -0,0 +1,19 @@
+#!/bin/sh
+# SPDX-License-Identifier: EUPL-1.2+
+
+export TERM=foot
+export TERMINFO_DIRS=/usr/share/terminfo
+export TMPDIR=/run
+export USER=user
+export TMUX_TMPDIR=/run
+export HOME=/run/home/${USER}
+
+cd $HOME
+
+while ! test -S '/run/tmux-0/default'; do sleep 1; echo waiting for tmux ; done
+sleep 5
+
+echo "starting user service"
+tmux neww su user sh -c "/run/ext/run-as-user"
+tmux neww su user /bin/sh
+sleep inf
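Review bot: The unprivileged session is opened as windows inside root's tmux server (the loop waits for `/run/tmux-0/default`, then runs `tmux neww su user …`), so the uid 1000 application stays attached to a multiplexer owned by root and its start depends on a `sleep 5` guess. The variables exported above are likely not what the new windows see, because tmux starts windows with the server's environment rather than the calling client's; confirm `HOME` and `TMUX_TMPDIR` inside the window. `su user sh -c "/run/ext/run-as-user"` passes `sh` as an argument after the user name, which may not be parsed as intended; `su user -c /run/ext/run-as-user` is the conventional form. `cd "$HOME"` should be quoted.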
diff --git a/img/app/etc/s6-rc/user-app/type b/img/app/etc/s6-rc/user-app/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/img/app/etc/s6-rc/user-app/type
@@ -0,0 +1 @@
+longrun
diff --git a/img/app/etc/s6-rc/user-app/type.license b/img/app/etc/s6-rc/user-app/type.license
new file mode 100644
index 0000000..c49c11b
--- /dev/null
+++ b/img/app/etc/s6-rc/user-app/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
diff --git a/vm-lib/make-vm.nix b/vm-lib/make-vm.nix
index 2c50ca5..7aff6ed 100644
--- a/vm-lib/make-vm.nix
+++ b/vm-lib/make-vm.nix
@@ -13,7 +13,7 @@ pkgs.pkgsStatic.callPackage (
{ lib, runCommand, writeReferencesToFile, e2fsprogs, tar2ext4 }:
-{ run, providers ? {} }:
+{ run, run-as-user, providers ? {} }:
let
inherit (lib)
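Review bot: `run-as-user` is added without a default, so any caller of this function that is not updated in this series will fail to evaluate; only the app VMs under vm/app are visibly changed here. If a user script is meant to be optional, give the argument a default that still yields a valid symlink target, for example a no-op `writeScript`. Otherwise add a comment above the argument set stating that both `run` (executed as root) and `run-as-user` (executed as uid 1000) are mandatory. The function body continues outside the hunk.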
@@ -34,9 +34,10 @@ runCommand "spectrum-vm" {
mkdir root
cd root
ln -s ${run} run
- comm -23 <(sort ${writeReferencesToFile run}) \
+ ln -s ${run-as-user} run-as-user
+ comm -23 <(sort ${writeReferencesToFile run} ${writeReferencesToFile run-as-user}) \
<(sort ${writeReferencesToFile basePaths}) |
- tar -cf ../run.tar --verbatim-files-from -T - run
+ tar -cf ../run.tar --verbatim-files-from -T - run run-as-user
tar2ext4 -i ../run.tar -o "$out/blk/run.img"
e2label "$out/blk/run.img" ext
diff --git a/vm/app/catgirl.nix b/vm/app/catgirl.nix
index a4c05e3..3a1ef48 100644
--- a/vm/app/catgirl.nix
+++ b/vm/app/catgirl.nix
@@ -5,7 +5,8 @@
import ../make-vm.nix { inherit config; } {
providers.net = [ "netvm" ];
- run = config.pkgs.pkgsStatic.callPackage (
+
+ run-as-user = config.pkgs.pkgsStatic.callPackage (
{ writeScript, catgirl }:
writeScript "run-catgirl" ''
#!/bin/execlineb -P
@@ -14,4 +15,12 @@ import ../make-vm.nix { inherit config; } {
${catgirl}/bin/catgirl -h irc.libera.chat -j "#spectrum" -n $nick
''
) { };
+
+ run = config.pkgs.pkgsStatic.callPackage (
+ { writeScript }:
+ writeScript "run-as-root" ''
+ #!/bin/execlineb -P
+ /bin/true
+ ''
+ ) { };
}
diff --git a/vm/app/firefox.nix b/vm/app/firefox.nix
new file mode 100644
index 0000000..9744164
--- /dev/null
+++ b/vm/app/firefox.nix
@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2021-2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../../nix/eval-config.nix {} }:
+
+import ../make-vm.nix { inherit config; } {
+ providers.net = [ "netvm" ];
+ run = config.pkgs.callPackage (
+ { writeScript }:
+ writeScript "run-as-root" ''
+ #!/bin/sh
+ /bin/sh
+ ''
+ ) { };
+
+ run-as-user = config.pkgs.callPackage (
+ { writeScript, socat, waypipe, havoc, firefox-wayland}:
+ writeScript "run-firefox" ''
+ #!/bin/sh
+ mkdir /run/home/user/0
+ export XDG_RUNTIME_DIR=/run/home/user/0
+ ${socat}/bin/socat unix-listen:/run/home/user/waypipe.sock,reuseaddr,fork vsock-connect:2:5000 &
+ sleep 1
+ ${waypipe}/bin/waypipe --display wayland-local-user --socket /run/home/user/waypipe.sock server -- sleep inf &
+ export WAYLAND_DISPLAY=wayland-local-user
+
+ ${firefox-wayland}/bin/firefox https://spectrum-os.org/
+ /bin/sh
+ ''
+ ) { };
+}
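Review bot: The root-side `run` script here is only `/bin/sh`, which leaves an interactive root shell open in the VM that handles the most untrusted content, while catgirl.nix in this same patch uses `/bin/true` for the same slot; lynx.nix does the same as this file. Unless the root shell is a deliberate debugging aid, use the no-op in all three and say so in a comment. The trailing `/bin/sh` after Firefox in `run-as-user` looks like the same kind of leftover. The SPDX copyright line names a different person than the patch author, which is worth confirming for a newly created file.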
diff --git a/vm/app/hello-waypipe.nix b/vm/app/hello-waypipe.nix
index 601b638..6ff216c 100644
--- a/vm/app/hello-waypipe.nix
+++ b/vm/app/hello-waypipe.nix
@@ -6,7 +6,7 @@
import ../make-vm.nix { inherit config; } {
providers.net = [ "netvm" ];
run = config.pkgs.callPackage (
- { writeScript, waypipe, havoc, foot, hello-wayland, socat}:
+ { writeScript, waypipe, socat, weston, havoc }:
writeScript "run-waypipe-app" ''
#!/bin/sh
mkdir /run/0
@@ -16,8 +16,14 @@ import ../make-vm.nix { inherit config; } {
${waypipe}/bin/waypipe --display wayland-local --socket /run/waypipe.sock server -- sleep inf &
export WAYLAND_DISPLAY=wayland-local
${havoc}/bin/havoc
- ${hello-wayland}/bin/hello-wayland
- ${foot}/bin/foot
+ ''
+ ) { };
+
+ run-as-user = config.pkgs.pkgsStatic.callPackage (
+ { writeScript, socat, waypipe, havoc, firefox-wayland}:
+ writeScript "run-as-user" ''
+ #!/bin/sh
+ /bin/sh
''
) { };
}
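Review bot: The new `run-as-user` function declares `socat, waypipe, havoc, firefox-wayland` but its script only runs `/bin/sh`, so the argument list suggests dependencies the VM does not have; `{ writeScript }:` is enough. In the previous hunk `weston` is added to the arguments of `run` and is not referenced in the visible script lines either. Note that after this change the Wayland client (`havoc`) still runs from `run`, i.e. as root, while the unprivileged side gets only a shell; if the series intends to move applications to uid 1000, this file is the one that was not converted.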
diff --git a/vm/app/lynx.nix b/vm/app/lynx.nix
index 00d449e..0ecc3f0 100644
--- a/vm/app/lynx.nix
+++ b/vm/app/lynx.nix
@@ -5,11 +5,21 @@
import ../make-vm.nix { inherit config; } {
providers.net = [ "netvm" ];
+
run = config.pkgs.pkgsStatic.callPackage (
+ { writeScript }:
+ writeScript "run-root-shell" ''
+ #!/bin/execlineb -P
+ /bin/sh
+ ''
+ ) { };
+
+ run-as-user = config.pkgs.pkgsStatic.callPackage (
{ writeScript, lynx }:
writeScript "run-lynx" ''
#!/bin/execlineb -P
${lynx}/bin/lynx https://spectrum-os.org
''
) { };
+
}
--
2.36.2