From: vadim likholetov <vadim.likholetov@unikie.com>
To: devel@spectrum-os.org
Cc: vadim likholetov <vadim.likholetov@unikie.com>
Subject: [PATCH 2/2] Firefox appVM patches and appVM refactoring
Date: Mon, 5 Dec 2022 00:45:06 +0200 [thread overview]
Message-ID: <20221204224506.1801177-2-vadim.likholetov@unikie.com> (raw)
In-Reply-To: <20221204224506.1801177-1-vadim.likholetov@unikie.com>
Signed-off-by: vadim likholetov <vadim.likholetov@unikie.com>
---
host/initramfs/extfs.nix | 4 ++-
host/rootfs/Makefile | 2 +-
host/start-vm/lib.rs | 2 +-
img/app/Makefile | 3 +++
img/app/default.nix | 4 +--
img/app/etc/group | 3 +++
img/app/etc/mdev/iface | 5 +++-
img/app/etc/passwd | 1 +
img/app/etc/s6-linux-init/scripts/rc.init | 2 ++
img/app/etc/s6-rc/app/run | 5 ++--
img/app/etc/s6-rc/user-app/run | 19 ++++++++++++++
img/app/etc/s6-rc/user-app/type | 1 +
img/app/etc/s6-rc/user-app/type.license | 2 ++
vm-lib/make-vm.nix | 7 ++---
vm/app/catgirl.nix | 11 +++++++-
vm/app/firefox.nix | 31 +++++++++++++++++++++++
vm/app/hello-waypipe.nix | 12 ++++++---
vm/app/lynx.nix | 10 ++++++++
18 files changed, 109 insertions(+), 15 deletions(-)
create mode 100644 img/app/etc/group
create mode 100755 img/app/etc/s6-rc/user-app/run
create mode 100644 img/app/etc/s6-rc/user-app/type
create mode 100644 img/app/etc/s6-rc/user-app/type.license
create mode 100644 vm/app/firefox.nix
diff --git a/host/initramfs/extfs.nix b/host/initramfs/extfs.nix
index f49e519..917abe2 100644
--- a/host/initramfs/extfs.nix
+++ b/host/initramfs/extfs.nix
@@ -12,12 +12,13 @@ let
appvm-catgirl = import ../../vm/app/catgirl.nix { inherit config; };
appvm-lynx = import ../../vm/app/lynx.nix { inherit config; };
appvm-hello-waypipe = import ../../vm/app/hello-waypipe.nix { inherit config; };
+ appvm-firefox = import ../../vm/app/firefox.nix { inherit config; };
in
runCommand "ext.ext4" {
nativeBuildInputs = [ e2fsprogs ];
} ''
- mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe}
+ mkdir -p root/svc/data/appvm-{catgirl,lynx,hello-waypipe,firefox}
cd root
tar -C ${netvm} -c data | tar -C svc -x
@@ -26,6 +27,7 @@ runCommand "ext.ext4" {
tar -C ${appvm-catgirl} -c . | tar -C svc/data/appvm-catgirl -x
tar -C ${appvm-lynx} -c . | tar -C svc/data/appvm-lynx -x
tar -C ${appvm-hello-waypipe} -c . | tar -C svc/data/appvm-hello-waypipe -x
+ tar -C ${appvm-firefox} -c . | tar -C svc/data/appvm-firefox -x
mkfs.ext4 -d . $out 16T
resize2fs -M $out
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 06e3e8e..a228d5e 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -148,7 +148,7 @@ run: build/live.img $(EXT_FS) build/rootfs.verity.roothash
exec 3<>"$$ext" && \
rm -f "$$ext" && \
truncate -s +10G /proc/self/fd/3 && \
- exec $(QEMU_KVM) -cpu host -m 2G \
+ exec $(QEMU_KVM) -cpu host -m 4G \
-machine q35,kernel=$(KERNEL),kernel-irqchip=split,initrd=$(INITRAMFS) \
-display gtk,gl=on \
-qmp unix:vmm.sock,server,nowait \
diff --git a/host/start-vm/lib.rs b/host/start-vm/lib.rs
index ef79091..7a89506 100644
--- a/host/start-vm/lib.rs
+++ b/host/start-vm/lib.rs
@@ -44,7 +44,7 @@ pub fn vm_command(dir: PathBuf, config_root: &Path) -> Result<Command, String> {
command.arg("cloud-hypervisor");
command.args(&["--api-socket", "env/cloud-hypervisor.sock"]);
command.args(&["--cmdline", "console=ttyS0 root=PARTLABEL=root"]);
- command.args(&["--memory", "size=128M"]);
+ command.args(&["--memory", "size=512M"]);
command.args(&["--console", "pty"]);
command.arg("--kernel");
command.arg(config_dir.join("vmlinux"));
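Review bot: The `--memory` size on the changed line is one constant applied to every VM `vm_command` launches, so the 512M the Firefox appVM needs is now reserved for the netvm and the small appVMs as well. Since the function already reads per-VM files from `config_dir` (`vmlinux` two lines below), a per-VM `memory` value there with 512M as the fallback would scope the increase to the VM that needs it; I cannot see from the hunk whether `config_root` carries such settings, so treat this as a suggestion. `vm_command` begins and ends outside the hunk.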
diff --git a/img/app/Makefile b/img/app/Makefile
index c5a4684..0a15aaa 100644
--- a/img/app/Makefile
+++ b/img/app/Makefile
@@ -48,6 +48,7 @@ VM_FILES = \
etc/mdev.conf \
etc/mdev/iface \
etc/passwd \
+ etc/group \
etc/resolv.conf \
etc/s6-linux-init/scripts/rc.init
VM_DIRS = dev run proc sys \
@@ -76,6 +77,8 @@ build/rootfs.tar: build/empty $(PACKAGES_TAR) $(VM_FILES) $(VM_BUILD_FILES)
VM_S6_RC_FILES = \
etc/s6-rc/app/run \
etc/s6-rc/app/type \
+ etc/s6-rc/user-app/run \
+ etc/s6-rc/user-app/type \
etc/s6-rc/mdevd-coldplug/dependencies \
etc/s6-rc/mdevd-coldplug/type \
etc/s6-rc/mdevd-coldplug/up \
diff --git a/img/app/default.nix b/img/app/default.nix
index 80f23c2..29abf93 100644
--- a/img/app/default.nix
+++ b/img/app/default.nix
@@ -9,7 +9,7 @@ config.pkgs.pkgsStatic.callPackage (
{ lib, stdenvNoCC, runCommand, writeReferencesToFile, buildPackages
, jq, s6-rc, tar2ext4, util-linux
-, busybox, cacert, execline, kmod, mdevd, s6, s6-linux-init
+, busybox, cacert, execline, kmod, mdevd, s6, s6-linux-init, tmux
}:
let
@@ -18,7 +18,7 @@ let
scripts = import ../../scripts { inherit config; };
packages = [
- execline kmod mdevd s6 s6-linux-init s6-rc
+ execline kmod mdevd s6 s6-linux-init s6-rc tmux
(busybox.override {
extraConfig = ''
diff --git a/img/app/etc/group b/img/app/etc/group
new file mode 100644
index 0000000..5a5c9a5
--- /dev/null
+++ b/img/app/etc/group
@@ -0,0 +1,3 @@
+root:x:0:
+tty:x:4:user
+user:x:1000:user
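Review bot: `tty:x:4:user` places the new unprivileged account in the `tty` group, which gives it group permissions on every tty-group device node; nothing in the patch shows what requires that, and the tmux/su setup in `etc/s6-rc/user-app/run` presumably runs on ptys the user already owns. If the membership was added speculatively it should be dropped, and if it is needed the commit message should say for what. `user:x:1000:user` also lists `user` as an explicit member of its own primary group, which is redundant though harmless.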
diff --git a/img/app/etc/mdev/iface b/img/app/etc/mdev/iface
index d8ceda5..1aac8a8 100755
--- a/img/app/etc/mdev/iface
+++ b/img/app/etc/mdev/iface
@@ -33,4 +33,7 @@ foreground {
}
}
-s6-rc -u change app
+# fix permissions
+foreground { chmod a+rw /dev/null }
+
+s6-rc -u change app user-app
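Review bot: The added `foreground { chmod a+rw /dev/null }` runs from the network-interface hook, so it executes on every iface event, and the comment `# fix permissions` does not say which mode was wrong or which service needed the change. A device node's mode is mdev policy: a rule in `etc/mdev.conf` such as `null 0:0 666` applies it when the node is created and keeps this hook about interfaces. If the chmod must stay here, the comment should record the observed mode and the consumer that failed without it, so the next reader can tell when the workaround can go.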
diff --git a/img/app/etc/passwd b/img/app/etc/passwd
index 29f3b25..1bec4cd 100644
--- a/img/app/etc/passwd
+++ b/img/app/etc/passwd
@@ -1 +1,2 @@
root:x:0:0:System administrator:/:/bin/sh
+user:x:1000:1000:Usual user:/run/home/user/:/bin/sh
diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s6-linux-init/scripts/rc.init
index b46afb7..05e4bb3 100755
--- a/img/app/etc/s6-linux-init/scripts/rc.init
+++ b/img/app/etc/s6-linux-init/scripts/rc.init
@@ -7,5 +7,7 @@ if { s6-rc-init -c /etc/s6-rc /run/service }
if { mkdir -p /dev/pts /dev/shm }
if { modprobe overlay }
if { mount -a }
+if { mkdir -p /run/home/user }
+if { chown 1000:1000 /run/home/user }
s6-rc change ok-all
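Review bot: `mkdir -p /run/home/user` on the new line creates the home directory with whatever the init's umask yields, not the owner-only mode a home directory is expected to have; `if { mkdir -p -m 0700 /run/home/user }` pins it before the chown. The `chown 1000:1000` repeats the uid/gid that the new `etc/passwd` and `etc/group` define for `user`; `if { chown user:user /run/home/user }` would keep the mapping in one place, assuming those files are readable at this point of `rc.init` (they are static image files, so presumably yes).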
diff --git a/img/app/etc/s6-rc/app/run b/img/app/etc/s6-rc/app/run
index 2a628b7..8166111 100755
--- a/img/app/etc/s6-rc/app/run
+++ b/img/app/etc/s6-rc/app/run
@@ -5,6 +5,7 @@
export TERM foot
export TERMINFO_DIRS /usr/share/terminfo
export TMPDIR /run
+export TMUX_TMPDIR /run
backtick USER { id -un }
backtick HOME {
@@ -22,5 +23,5 @@ fdmove -c 2 0
foreground { clear }
unexport ?
-foreground { /run/ext/run }
-exec -l sh
+foreground { tmux new sh -c "/run/ext/run" }
+tmux new /bin/sh
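Review bot: Both new `tmux new` invocations create unnamed sessions, and `etc/s6-rc/user-app/run` in this patch attaches its windows with bare `tmux neww`, which targets the server's current session; when `/run/ext/run` finishes and the second session replaces the first, which session receives the user windows depends on timing. Naming the session, `tmux new -s app /bin/sh`, and targeting it from user-app, `tmux neww -t app …`, removes the ambiguity. The `sh -c "/run/ext/run"` wrapper also appears redundant, since tmux already runs a shell-command through `sh -c`, so `tmux new /run/ext/run` should behave the same.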
diff --git a/img/app/etc/s6-rc/user-app/run b/img/app/etc/s6-rc/user-app/run
new file mode 100755
index 0000000..e0b124c
--- /dev/null
+++ b/img/app/etc/s6-rc/user-app/run
@@ -0,0 +1,19 @@
+#!/bin/sh
+# SPDX-License-Identifier: EUPL-1.2+
+
+export TERM=foot
+export TERMINFO_DIRS=/usr/share/terminfo
+export TMPDIR=/run
+export USER=user
+export TMUX_TMPDIR=/run
+export HOME=/run/home/${USER}
+
+cd $HOME
+
+while ! test -S '/run/tmux-0/default'; do sleep 1; echo waiting for tmux ; done
+sleep 5
+
+echo "starting user service"
+tmux neww su user sh -c "/run/ext/run-as-user"
+tmux neww su user /bin/sh
+sleep inf
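Review bot: The readiness wait — polling for `/run/tmux-0/default` and then a fixed `sleep 5` — is a timing guess standing in for an s6-rc ordering; a `dependencies` file naming `app` (the Makefile already ships one for `mdevd-coldplug`) would have s6-rc start this service after `app`, leaving at most the socket check. Ending with `sleep inf` means s6 supervises a sleep rather than the workload: if the `su user` windows exit, nothing restarts or reports them, so either the last `tmux` client should be the foreground process or the service should be a `oneshot`. The script is also `#!/bin/sh` where the sibling `app/run` is execline; matching that convention would keep the service tree consistent.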
diff --git a/img/app/etc/s6-rc/user-app/type b/img/app/etc/s6-rc/user-app/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/img/app/etc/s6-rc/user-app/type
@@ -0,0 +1 @@
+longrun
diff --git a/img/app/etc/s6-rc/user-app/type.license b/img/app/etc/s6-rc/user-app/type.license
new file mode 100644
index 0000000..c49c11b
--- /dev/null
+++ b/img/app/etc/s6-rc/user-app/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
diff --git a/vm-lib/make-vm.nix b/vm-lib/make-vm.nix
index 2c50ca5..7aff6ed 100644
--- a/vm-lib/make-vm.nix
+++ b/vm-lib/make-vm.nix
@@ -13,7 +13,7 @@ pkgs.pkgsStatic.callPackage (
{ lib, runCommand, writeReferencesToFile, e2fsprogs, tar2ext4 }:
-{ run, providers ? {} }:
+{ run, run-as-user, providers ? {} }:
let
inherit (lib)
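Review bot: The new `run-as-user` argument is required, so every VM definition must now supply both slots, and nothing in this file says what each slot is: `run` is executed as root by the `app` service and `run-as-user` under uid 1000 by `user-app` (per the `img/app/etc/s6-rc/*/run` scripts in this series). A comment above the argument line, `# run: started as root by the 'app' service; run-as-user: started as uid 1000 by 'user-app'`, would record that contract. If most VMs only need one slot, a `run-as-user ? null` default with `optionalString` guards on the three body lines in the next hunk would spare the `/bin/true`-style stubs the other files in this patch add.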
@@ -34,9 +34,10 @@ runCommand "spectrum-vm" {
mkdir root
cd root
ln -s ${run} run
- comm -23 <(sort ${writeReferencesToFile run}) \
+ ln -s ${run-as-user} run-as-user
+ comm -23 <(sort ${writeReferencesToFile run} ${writeReferencesToFile run-as-user}) \
<(sort ${writeReferencesToFile basePaths}) |
- tar -cf ../run.tar --verbatim-files-from -T - run
+ tar -cf ../run.tar --verbatim-files-from -T - run run-as-user
tar2ext4 -i ../run.tar -o "$out/blk/run.img"
e2label "$out/blk/run.img" ext
diff --git a/vm/app/catgirl.nix b/vm/app/catgirl.nix
index a4c05e3..3a1ef48 100644
--- a/vm/app/catgirl.nix
+++ b/vm/app/catgirl.nix
@@ -5,7 +5,8 @@
import ../make-vm.nix { inherit config; } {
providers.net = [ "netvm" ];
- run = config.pkgs.pkgsStatic.callPackage (
+
+ run-as-user = config.pkgs.pkgsStatic.callPackage (
{ writeScript, catgirl }:
writeScript "run-catgirl" ''
#!/bin/execlineb -P
@@ -14,4 +15,12 @@ import ../make-vm.nix { inherit config; } {
${catgirl}/bin/catgirl -h irc.libera.chat -j "#spectrum" -n $nick
''
) { };
+
+ run = config.pkgs.pkgsStatic.callPackage (
+ { writeScript }:
+ writeScript "run-as-root" ''
+ #!/bin/execlineb -P
+ /bin/true
+ ''
+ ) { };
}
diff --git a/vm/app/firefox.nix b/vm/app/firefox.nix
new file mode 100644
index 0000000..9744164
--- /dev/null
+++ b/vm/app/firefox.nix
@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: 2021-2022 Alyssa Ross <hi@alyssa.is>
+
+{ config ? import ../../../nix/eval-config.nix {} }:
+
+import ../make-vm.nix { inherit config; } {
+ providers.net = [ "netvm" ];
+ run = config.pkgs.callPackage (
+ { writeScript }:
+ writeScript "run-as-root" ''
+ #!/bin/sh
+ /bin/sh
+ ''
+ ) { };
+
+ run-as-user = config.pkgs.callPackage (
+ { writeScript, socat, waypipe, havoc, firefox-wayland}:
+ writeScript "run-firefox" ''
+ #!/bin/sh
+ mkdir /run/home/user/0
+ export XDG_RUNTIME_DIR=/run/home/user/0
+ ${socat}/bin/socat unix-listen:/run/home/user/waypipe.sock,reuseaddr,fork vsock-connect:2:5000 &
+ sleep 1
+ ${waypipe}/bin/waypipe --display wayland-local-user --socket /run/home/user/waypipe.sock server -- sleep inf &
+ export WAYLAND_DISPLAY=wayland-local-user
+
+ ${firefox-wayland}/bin/firefox https://spectrum-os.org/
+ /bin/sh
+ ''
+ ) { };
+}
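Review bot: The `run` (root) slot of the new `run-as-root` script is an interactive `/bin/sh`, so the VM keeps an attached root shell in the `app` tmux session while Firefox moves to uid 1000; `vm/app/lynx.nix` in this patch does the same, whereas `vm/app/catgirl.nix` uses `/bin/true`. If the shell is a debugging aid, `/bin/true` is the least-privilege default for both, and a comment saying so should mark it as such. Separately, `mkdir /run/home/user/0` creates `XDG_RUNTIME_DIR` with the default umask; the XDG base-directory spec requires that directory to be owned by the user with mode 0700, so `mkdir -m 0700 /run/home/user/0 || exit 1` is the safer form and also stops the script on a leftover directory. `havoc` is taken as an argument but never used in the script.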
diff --git a/vm/app/hello-waypipe.nix b/vm/app/hello-waypipe.nix
index 601b638..6ff216c 100644
--- a/vm/app/hello-waypipe.nix
+++ b/vm/app/hello-waypipe.nix
@@ -6,7 +6,7 @@
import ../make-vm.nix { inherit config; } {
providers.net = [ "netvm" ];
run = config.pkgs.callPackage (
- { writeScript, waypipe, havoc, foot, hello-wayland, socat}:
+ { writeScript, waypipe, socat, weston, havoc }:
writeScript "run-waypipe-app" ''
#!/bin/sh
mkdir /run/0
@@ -16,8 +16,14 @@ import ../make-vm.nix { inherit config; } {
${waypipe}/bin/waypipe --display wayland-local --socket /run/waypipe.sock server -- sleep inf &
export WAYLAND_DISPLAY=wayland-local
${havoc}/bin/havoc
- ${hello-wayland}/bin/hello-wayland
- ${foot}/bin/foot
+ ''
+ ) { };
+
+ run-as-user = config.pkgs.pkgsStatic.callPackage (
+ { writeScript, socat, waypipe, havoc, firefox-wayland}:
+ writeScript "run-as-user" ''
+ #!/bin/sh
+ /bin/sh
''
) { };
}
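Review bot: The new `run-as-user` stub takes `socat, waypipe, havoc, firefox-wayland` but uses none of them; `{ writeScript }:` as in catgirl's stub is sufficient, and the extra names (apparently copied from `vm/app/firefox.nix`) would make evaluation fail if `pkgsStatic` lacked any of them. With the two lines after it removed, the root-side `run` script now ends at `${havoc}/bin/havoc`, so the root slot's workload is a terminal forwarded to the host compositor; if the aim of this series is to run interactive programs as uid 1000, havoc belongs in `run-as-user` and the root slot can be a no-op.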
diff --git a/vm/app/lynx.nix b/vm/app/lynx.nix
index 00d449e..0ecc3f0 100644
--- a/vm/app/lynx.nix
+++ b/vm/app/lynx.nix
@@ -5,11 +5,21 @@
import ../make-vm.nix { inherit config; } {
providers.net = [ "netvm" ];
+
run = config.pkgs.pkgsStatic.callPackage (
+ { writeScript }:
+ writeScript "run-root-shell" ''
+ #!/bin/execlineb -P
+ /bin/sh
+ ''
+ ) { };
+
+ run-as-user = config.pkgs.pkgsStatic.callPackage (
{ writeScript, lynx }:
writeScript "run-lynx" ''
#!/bin/execlineb -P
${lynx}/bin/lynx https://spectrum-os.org
''
) { };
+
}
--
2.36.2