From: Alyssa Ross
To: Thomas Leonard
CC: Michael Raskin <7c6f434c@mail.ru>, discuss@spectrum-os.org
Subject: Re: New user getting started questions
Date: Thu, 14 Jan 2021 12:29:24 +0000

>> > - I tried adding `--shared-dir /tmp/ff:ff:type=9p` to share a host
>> >   directory. Then `mount -t 9p -o trans=virtio,version=9p2000.L ff /tmp`
>> >   in the VM seemed to work, but `ls /tmp` crashed the VM.
>>
>> Yeah, this is a known issue.  I have a patch[1] for it but didn't add it
>> to the package since I mostly have been working with my own source
>> builds of crosvm.
>>
>> [1]: https://spectrum-os.org/git/crosvm/commit/?id=1e318da5b57c12f67bed3b528100dbe4ec287ac5
>
> Ah, I didn't realise it was using seccomp too. I'm not sure how to
> compile specific versions of crosvm. I tried with:
>
>   srcs = lib.genAttrs [
>     "src/third_party/adhd"
>     "src/aosp/external/minijail"
>   ] getSrc // { "src/platform/crosvm" = /home/.../crosvm; };
>
> and blanked out the hash as it requested, but then:
>
>   error: failed to sync Caused by: failed to load pkg lockfile Caused
>   by: failed to resolve patches for
>   `https://github.com/rust-lang/crates.io-index` Caused by: failed to
>   load source for dependency `libvda` Caused by: Unable to update
>   /build/src/platform2/arc/vm/libvda/rust Caused by: failed to read
>   `/build/src/platform2/arc/vm/libvda/rust/Cargo.toml`
>
> Looks like this happens since 57df6a0ab23c3b2ba233b9aa5886ecf47ba3f91f
> (added a dependency?). Commit 460406d10bbfaa890d56d616b4610813da63a312
> just before that gets further, but:
>
>   error: the lock file /build/src/platform/crosvm/Cargo.lock needs to be
>   updated but --frozen was passed to prevent this
>
> How do you build it?
>
> (sorry for these basic Nix/Rust questions)
>
> However, I could get 9p to work by running the previous version with
> --seccomp-log-failures. With that, I can read and write files from the
> console, but I can't chown things and so can't write from the terminal
> window, which is running as a user. I guess it needs uidmap set, but
> I'm not sure how to make that work.

Yeah, crosvm isn't a very nice program to build or package. :(

I tried to get the libvda stuff working some time in the past, but it
was very complicated.  I think you might be able to disable it with

    cargoBuildFlags = [ "--no-default-features" ];

but my knowledge here is a few months out of date.  I can have a look in
more detail once I get back from my break. :)

>> Yeah, crosvm needs to be CAP_NET_ADMIN for that (which is difficult to
>> do with Nix).  You can make a TAP device yourself with iproute2 and use
>> --tap-fd to tell crosvm to use it, or you can use the mktuntap program I
>> wrote (with a privilege drop after running mktuntap), like this:
>>
>>     sudo mktuntap -pvB 3 \
>>         sudo -u $USER -C 4 result/bin/spectrum-vm -- --tap-fd 3
>
> OK, I tried like this:
>
>   exec sudo "$mktuntap" -pvB 3 \
>     sudo -u "$USER" -C 4 \
>     "$crosvm" run \
>     -p init=/sbin/init \
>     -p "spectrumcmd=$(printf %s "$command" | base64 -w0)" \
>     --tap-fd 3 \
>     --seccomp-log-failures \
>     --root "$rootfs" \
>     --host_ip 10.0.0.1 \
>     --netmask 255.0.0.0 \
>     --mac c0:ff:ee:c0:ff:ee \
>     -m 4096 \
>     "$@" \
>     "$kernel"
>
> I got "sudo: you are not permitted to use the -C option", which I
> fixed by editing the sudoers file. Then it fails with:
>
>   [ERROR:src/main.rs:1351] The architecture failed to build the vm:
>   error creating devices: failed to set up virtio networking: failed to
>   open tap device: failed to create tap interface: Operation not
>   permitted (os error 1)
>
> Strace shows:
>
>   openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK|O_CLOEXEC) = 31
>   ioctl(31, TUNSETIFF, 0x7ffee7ede238) = -1 EPERM (Operation not permitted)
>
> Maybe it's just because my crosvm is too old?

This is because if you specify --host_ip, --netmask, or --mac, crosvm
will try to create its own TAP device.  If you omit all those arguments
I think it should work.

>> Hope that's all clear -- please ask more questions if you have them,
>> although if it's anything particularly in the weeds I might wait until
>> I'm back from my break to answer. :)
>
> I have many questions :-) But don't feel pressured to answer them; I
> need to figure out how to make this all work myself anyway, and it's
> just a bonus if you've already done the work for me...

Well, my ultimate goal is to provide a distribution so that people don't
need to figure this stuff out for themselves, but we are a little while
away from that. ;)
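
Added example, not part of the message above and not code from crosvm or Spectrum: a preflight check for the failure discussed in this thread, where an unprivileged crosvm is handed a TAP fd but is also given flags that make it create its own device. The function name `check_tap_args` is hypothetical, and accepting both `--flag value` and `--flag=value` spellings is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. check_tap_args is a hypothetical name;
# the flag names are the ones quoted in the messages above.
# Assumption: flags may be written "--flag value" or "--flag=value".

# Prints one finding per line and succeeds only if the argument list can use
# an inherited TAP fd without crosvm trying to create a device of its own.
# The body runs in a subshell so its variables do not leak into the caller.
check_tap_args() (
    tap_fd='' prev='' rc=0
    for arg in "$@"; do
        [ "$prev" = --tap-fd ] && tap_fd=$arg
        case $arg in
            --tap-fd=*) tap_fd=${arg#--tap-fd=} ;;
            --host_ip|--netmask|--mac|--host_ip=*|--netmask=*|--mac=*)
                # Per the reply above, any of these makes crosvm create its
                # own TAP device; the strace shows that attempt (TUNSETIFF)
                # failing with EPERM in the unprivileged process.
                echo "conflict: ${arg%%=*} makes crosvm create its own TAP device"
                rc=1 ;;
        esac
        prev=$arg
    done
    case $tap_fd in
        '')      echo "missing: --tap-fd"; rc=1 ;;
        *[!0-9]*) echo "invalid: --tap-fd $tap_fd is not a number"; rc=1 ;;
        *)  # Duplicating the descriptor fails if it is closed; nothing is
            # written to it.
            if ! ( true >&"$tap_fd" ) 2>/dev/null; then
                echo "closed: fd $tap_fd was not inherited"; rc=1
            fi ;;
    esac
    [ "$rc" -eq 0 ]
)
```

Call it with the same arguments that will be passed to crosvm, in the process that has already dropped privileges, so the fd check reflects what crosvm will inherit.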