From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-4.5 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 Received: by atuin.qyliss.net (Postfix, from userid 496) id A738113A15; Tue, 9 Mar 2021 16:59:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 04BE7139C7; Tue, 9 Mar 2021 16:59:31 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 496) id 9D86B13983; Tue, 9 Mar 2021 16:59:28 +0000 (UTC) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by atuin.qyliss.net (Postfix) with ESMTPS id B9A0013982 for ; Tue, 9 Mar 2021 16:59:24 +0000 (UTC) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 10BAE5C00FE; Tue, 9 Mar 2021 11:59:24 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 09 Mar 2021 11:59:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm2; bh=sTqmpfWR759PXfgA3DfGrSpS8Kn LGNNursVZWNeGUB4=; b=SMwa6Z3We+/wlYH+HuWGjcyNebB27JeozhG2RJ+ItQj LfMl0w6CITN5Q+tIB9j0QkTBnMVRinQmDA9WZkJ7lydxgzcA3zLvoaiK3Udoz0ps SaMA63TdI1H6oZSC4e5K4QrSIXyaMbQBhZxDVV+1oCCEOjak4WhM4yRJjJD83Xj4 ybfG4ep7YkIo5zbXWug+Nv3DqAruAoa+e7FiL6baACqO/wbaSxjaul2WDbNGSbgA P8wi21A8agx77iKrkCkTQ6hdiqSJKHE7xkRmi8OLSeHjk3e+X4sb76V8XkQo6Ojz ceyXlVwePR2B2gd7wcWKUrg5nG3hikz61echsolBZ3g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=sTqmpf WR759PXfgA3DfGrSpS8KnLGNNursVZWNeGUB4=; b=Y5AmgIjgY46MjwTU1JvqW8 tuwxSiH61xhiWWjAH/TF5nCZNkwCDdzfrXQNn8gf7jIccdAUJIFGlEcLdUo63zD2 2rSr+NDTzJmXSABWLh5KjkJrOMGPwekMQe3fEs/2JVAmEV4lLZaxNEOaydEZTuOv kt/xbjxc6PqaZKrfCSY34sD8mEnOoLbLuMLGJ++0K4nM7iKQE6JRfpiycJI5CPbj chRKOSKre/lXCDlnjOIGdnSqOiWSZ2gGFj74nbvm5sWIVTjKOo25z9KrrhxHL2Ad 1uA8HWt/Am1z24yufrZCJ7KcnW5iOWjFqVzmK+frbK9TS3HBDo7lJ/3XVaYQb2Hw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudduiedgleehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesghdttd ertddtjeenucfhrhhomheptehlhihsshgrucftohhsshcuoehhihesrghlhihsshgrrdhi sheqnecuggftrfgrthhtvghrnhepueejueekgfefgeekjeehkeejheegtdefuefffeettd eiffetffeugfffudeuveefnecuffhomhgrihhnpehrohhstghiughushdrtghomhdpqhgv mhhurdhorhhgnecukfhppeejledrvdefhedruddvvddrudegheenucevlhhushhtvghruf hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehqhihlihhsshesgidvvddtrdhq hihlihhsshdrnhgvth X-ME-Proxy: Received: from x220.qyliss.net (p4feb7a91.dip0.t-ipconnect.de [79.235.122.145]) by mail.messagingengine.com (Postfix) with ESMTPA id 390BB1080063; Tue, 9 Mar 2021 11:59:23 -0500 (EST) Received: by x220.qyliss.net (Postfix, from userid 1000) id 20D571226; Tue, 9 Mar 2021 16:59:22 +0000 (UTC) Date: Tue, 9 Mar 2021 16:59:22 +0000 From: Alyssa Ross To: Thomas Leonard Subject: Qubes-lite With KVM and Wayland Message-ID: <20210309165922.mg6hdqzzeurdmjsq@x220.qyliss.net> References: <87ble2czx6.fsf@alyssa.is> <87lfcvn1ln.fsf@alyssa.is> <87bldrn0kh.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="dnzmjkszvpi6cuyd" Content-Disposition: inline In-Reply-To: Message-ID-Hash: RFFRNBT4NB73BG4KECFSXWGPXHJTBYOR X-Message-ID-Hash: RFFRNBT4NB73BG4KECFSXWGPXHJTBYOR X-MailFrom: qyliss@x220.qyliss.net X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Michael Raskin <7c6f434c@mail.ru>, discuss@spectrum-os.org X-Mailman-Version: 3.3.1 Precedence: list List-Id: General high-level discussion about Spectrum Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: --dnzmjkszvpi6cuyd Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 07, 2021 at 12:52:36PM +0000, Thomas Leonard wrote: > On Wed, 27 Jan 2021 at 17:31, Thomas Leonard wrote: > [...] > > If any of this sounds useful for spectrum let me know. I can try and > > tidy it up; it's all a huge mess at the moment! > > I got a bit further (fixed my sommelier problems), but have run out of > time for now :-( > > I've written up where I got to here: > > https://roscidus.com/blog/blog/2021/03/07/qubes-lite-with-kvm-and-wayland/ I saw this online the other day and started reading it without realising it was you, and then I saw you were using Nix and thought "wow, that's close to what I'm (not) doing", and then I saw the Spectrum section, and then realised who the author was. :) I'll quote a little from it and reply to bits: > When I wanted a newer package (socat with vsock support, only just > released) I just told Nix to install it from the latest Git checkout of > nixpkgs. I'm excited to learn that socat has vsock support now! That's going to be very useful. I have a half-done patch somewhere that adds vsock support to strace that I should finish up as well. > True, my squashfs image is getting a bit big. Maybe I should instead > make a minimal squashfs boot image, plus a shared directory of hard > links to the required files. That would allow sharing the data with the > host. I could also just share the whole /nix/store directory, if I > wanted to make all host software available to guests. I think the solution I will end up going with for this will be a custom virtiofsd implementation that can implement some access controls. The even simpler solution would be to seperately expose every store path we want to share as a virtio-fs device, but that's a lot of virtio devices! (I vaguely remember the maximum might be as low as 16, too). > I didn=E2=80=99t have time to write and debug C++ code for every missing > Wayland protocol, so I took a short-cut: I wrote my own Wayland library, > ocaml-wayland, and then used that to write my own version of sommelier. > With that, adding support for copying text was fairly easy. Well this is interesting! I definitely want to learn more about this. > * One problem with virtwl is that, while we can receive shared > memory FDs from the host, we can=E2=80=99t export guest memory to the > host. This is unfortunate, because in Wayland the shared memory for > window contents is allocated by the application from guest memory, > and the proxy therefore has to copy each frame. If the host > provided the memory to the guest, this wouldn=E2=80=99t be needed. The= re > is a wl_drm protocol for allocating video memory, which might help > here, but I don=E2=80=99t know how that works and, like many Wayland > specifications, it seems to be in the process of being replaced by > something else. Yeah, this comes up on the virtio mailing list from time to time. It's a very difficult problem to solve, but there might be a solution some day. I think I've written about my own explorations in this area on this list before. > I=E2=80=99m not sure how guest-to-guest communication works with KVM. It... doesn't really, at least not the way it does with Xen. virtio-vhost-user[1] is promising, but very early stages. I've talked in quite a lot of detail about how that works on this list before as well. guest-to-guest communication was my main area of work for most of the second half of last year (and what ended up causing me to burn out). [1]: https://wiki.qemu.org/Features/VirtioVhostUser > I hope the SpectrumOS project will resume at some point Me too! Maybe it's resuming right now! (Although I'm not committing -- just because I'm feeling ready to get back into it today doesn't mean that's going to be sustainable again yet.) --dnzmjkszvpi6cuyd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmBHqWcACgkQ+dvtSFmy ccB5NBAAoAqhdwmI9YfWJAaJY7gkYIPiekMRDUFRyv5fDdnW1dV4gKedYEMYh/RK 5JFxkiNZF4UiWoRAgcuy4bZ+XxmsJlhTXgEH0m2SqbnbeJsdVaHXtUOeYq+A3uVk Ev2+JW+5E+RyScC80s4UCVvV2UkHDRVUCyxz9d5IguwFZYoZt2xr9l7vONt5Ires hmRg1PZM+P3TrmwnswvADT/CQikKl6yZkG6sGI2h52sndZCgxWvTOWgJOOnhCarS zDmoypkGuxtIjhAZmsKzdqGQrJkMyZ/Ug8+f4N0U0L95nJTQfFM+gZRPbUnx7rnE XMENF2UlmlSIo+A+21M7+ZV2K+9zX57FQEGNZ95HwQUb4/Dbs9cvMkje9NzsgNkh dgMUz1Onx1O8Tmgu1EWDdIX00OmgZZe+/s/iywIe0sFidu8PerJh6CbZnsn61ie7 +tcFqleDOOMPDN4/JpE3iwmREjeSrjAMjE51LL7Z8fcvwpMwVOkmBXfCTVwm9Ylv p96bffeM/cSdm1TCe0V6Gh/UyF7UcbbD+kyPyWZcwiXxngXZrU25Bf/3s21qdkOY cTMo/ISlkuPBvw1pJp+ZEnzf3hjciEEgZpNkWDVMhxTHmfk6eMrhl9tZt79/uUl9 hXatFLSRdSCKuz8nOlRROxKnXEfOIU3pz6+4E0wKyJlzb6/vamA= =rc1s -----END PGP SIGNATURE----- --dnzmjkszvpi6cuyd--