patches and low-level development discussion
From: Vadim Likholetov <vadim.likholetov@unikie.com>
To: devel@spectrum-os.org
Subject: Firefox appVM patches and appVM refactoring
Date: Mon, 5 Dec 2022 00:42:35 +0200
Message-ID: <CALSVioAzuzQCqRUqbSkjApUrJe-y-yxdKTow7CN2J+W5vq0iLQ@mail.gmail.com>

I've made a Firefox appVM for Wayland using my waypipe patches.
To make this appVM I have had to refactor the Spectrum OS appvm infrastructure.
The main idea of the refactoring is enabling an appvm to have a user with normal
privileges, not superuser.
Running everything as root is not the best idea for a secure OS :-)
So now the .nix file for an appvm has two sections, one that is executed as
root and one as user.
Here is a sample of these definitions:

{ config ? import ../../../nix/eval-config.nix {} }:

import ../make-vm.nix { inherit config; } {
  providers.net = [ "netvm" ];

  # Section executed as root inside the appVM.
  run = config.pkgs.pkgsStatic.callPackage (
    { writeScript }:
    writeScript "run-root-shell" ''
      #!/bin/execlineb -P
      /bin/sh
    ''
  ) { };

  # Section executed as the normal (non-superuser) user inside the appVM.
  run-as-user = config.pkgs.pkgsStatic.callPackage (
    { writeScript, lynx }:
    writeScript "run-lynx" ''
      #!/bin/execlineb -P
      ${lynx}/bin/lynx https://spectrum-os.org
    ''
  ) { };

}

Cloud-hypervisor has virtual hardware limitations -- it supports only one
console device and only one serial device.
SpectrumOS is using the serial device for kernel logs of the appVM and the console
device as a console.
To have access both to the root-executed part and to the user-executed part of the
VM payload, I installed tmux on the console.
Now, when you're running the vm-console command you get access to tmux
and have the ability to switch between root and user consoles,
which can be useful when debugging the VM payload.

To run the Firefox appVM use the vm-start-way command: vm-start-way appvm-firefox :)

I believe that as soon as SpectrumOS features cover basic user needs
its popularity and community will grow and this will have a positive impact
on SpectrumOS itself.
Using the appvm-firefox prototype you may build other Wayland-enabled appVMs.


Thread overview: 18+ messages
2022-12-04 22:42 Vadim Likholetov [this message]
2022-12-06 11:42 ` Alyssa Ross
2022-12-06 13:56   ` Vadim Likholetov
2022-12-06 15:18     ` Alyssa Ross
2022-12-06 15:20 ` Alyssa Ross
2022-12-06 15:57   ` Vadim Likholetov
2022-12-06 17:10     ` Alyssa Ross
2022-12-06 20:12       ` Vadim Likholetov
2022-12-06 20:25         ` Alyssa Ross
2022-12-07  7:41           ` vadik likholetov
2022-12-06 20:19       ` Vadim Likholetov
2022-12-06 20:31         ` Developer-friendliness Alyssa Ross
2022-12-07  7:46           ` Developer-friendliness vadik likholetov
2022-12-06 20:59         ` Developer-friendliness Michael Raskin
2022-12-06 21:14           ` Developer-friendliness Alyssa Ross
2022-12-06 22:05           ` Developer-friendliness Michael Raskin
2022-12-07  8:04       ` Firefox appVM patches and appVM refactoring Ville Ilvonen
2022-12-07 11:09         ` vadik likholetov
