- I tried adding `--shared-dir /tmp/ff:ff:type=9p` to share a host directory. Then `mount -t 9p -o trans=virtio,version=9p2000.L ff /tmp` in the VM seemed to work, but `ls /tmp` crashed the VM.
Yeah, this is a known issue. I have a patch[1] for it but didn't add it to the package since I mostly have been working with my own source builds of crosvm.
[1]: https://spectrum-os.org/git/crosvm/commit/?id=1e318da5b57c12f67bed3b528100db...
Ah, I didn't realise it was using seccomp too. I'm not sure how to compile specific versions of crosvm. I tried with:
srcs = lib.genAttrs [ "src/third_party/adhd" "src/aosp/external/minijail" ] getSrc // { "src/platform/crosvm" = /home/.../crosvm; };
and blanked out the hash as it requested, but then:
    error: failed to sync
    Caused by: failed to load pkg lockfile
    Caused by: failed to resolve patches for `https://github.com/rust-lang/crates.io-index`
    Caused by: failed to load source for dependency `libvda`
    Caused by: Unable to update /build/src/platform2/arc/vm/libvda/rust
    Caused by: failed to read `/build/src/platform2/arc/vm/libvda/rust/Cargo.toml`
Looks like this happens since 57df6a0ab23c3b2ba233b9aa5886ecf47ba3f91f (added a dependency?). Commit 460406d10bbfaa890d56d616b4610813da63a312 just before that gets further, but:
error: the lock file /build/src/platform/crosvm/Cargo.lock needs to be updated but --frozen was passed to prevent this
How do you build it?
(sorry for these basic Nix/Rust questions)
However, I could get 9p to work by running the previous version with --seccomp-log-failures. With that, I can read and write files from the console, but I can't chown things and so can't write from the terminal window, which is running as a user. I guess it needs uidmap set, but I'm not sure how to make that work.
Yeah, crosvm isn't a very nice program to build or package. :( I tried to get the libvda stuff working some time in the past, but it was very complicated. I think you might be able to disable it with cargoBuildFlags = [ "--no-default-features" ]; but my knowledge here is a few months out of date. I can have a look in more detail once I get back from my break. :)
Yeah, crosvm needs to be CAP_NET_ADMIN for that (which is difficult to do with Nix). You can make a TAP device yourself with iproute2 and use --tap-fd to tell crosvm to use it, or you can use the mktuntap program I wrote (with a privilege drop after running mktuntap), like this:
    sudo mktuntap -pvB 3 \
        sudo -u $USER -C 4 result/bin/spectrum-vm -- --tap-fd 3
OK, I tried like this:
    exec sudo "$mktuntap" -pvB 3 \
        sudo -u "$USER" -C 4 \
        "$crosvm" run \
        -p init=/sbin/init \
        -p "spectrumcmd=$(printf %s "$command" | base64 -w0)" \
        --tap-fd 3 \
        --seccomp-log-failures \
        --root "$rootfs" \
        --host_ip 10.0.0.1 \
        --netmask 255.0.0.0 \
        --mac c0:ff:ee:c0:ff:ee \
        -m 4096 \
        "$@" \
        "$kernel"
I got "sudo: you are not permitted to use the -C option", which I fixed by editing the sudoers file. Then it fails with:
[ERROR:src/main.rs:1351] The architecture failed to build the vm: error creating devices: failed to set up virtio networking: failed to open tap device: failed to create tap interface: Operation not permitted (os error 1)
Strace shows:
    openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK|O_CLOEXEC) = 31
    ioctl(31, TUNSETIFF, 0x7ffee7ede238) = -1 EPERM (Operation not permitted)
Maybe it's just because my crosvm is too old?
This is because if you specify --host_ip, --netmask, or --mac, crosvm will try to create its own TAP device. If you omit all those arguments I think it should work.
Hope that's all clear -- please ask more questions if you have them, although if it's anything particularly in the weeds I might wait until I'm back from my break to answer. :)
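The "make the TAP device yourself with iproute2 and hand it over with --tap-fd" route described in the two replies above, written out as an added example (it is not code from the thread, from Spectrum OS, or from crosvm). It assumes root has created a persistent TAP device once with `ip tuntap add dev tap-vm mode tap user $USER` (plus `ip addr add 10.0.0.1/8 dev tap-vm` and `ip link set tap-vm up`); because the device is owned by that user, the TUNSETIFF ioctl that failed with EPERM in the strace above succeeds without CAP_NET_ADMIN, so crosvm itself never needs the capability. The device name `tap-vm`, the address, and the crosvm path are assumptions; the argument list deliberately omits --host_ip, --netmask and --mac, since those make crosvm try to create its own TAP device.

```python
#!/usr/bin/env python3
"""Attach to a pre-created TAP device as an unprivileged user and exec crosvm
with the bound fd passed via --tap-fd.  Added example, not Spectrum OS code.

One-time privileged setup (assumed, done by root with iproute2):
    ip tuntap add dev tap-vm mode tap user $USER
    ip addr add 10.0.0.1/8 dev tap-vm
    ip link set tap-vm up
"""
import fcntl
import os
import struct
import sys

# Constants from <linux/if_tun.h> / <linux/if.h>.
TUNSETIFF = 0x400454CA
IFF_TAP = 0x0002
IFF_NO_PI = 0x1000
IFNAMSIZ = 16


def build_ifreq(name: str, flags: int) -> bytes:
    """Pack a 40-byte struct ifreq: ifr_name[16], ifr_flags (short), padding."""
    encoded = name.encode()
    if not encoded or len(encoded) >= IFNAMSIZ:
        raise ValueError("interface name must be 1..15 bytes")
    return struct.pack("16sH22x", encoded, flags)


def parse_ifreq_name(buf: bytes) -> str:
    """Inverse of build_ifreq for the name field (useful for checking the packing)."""
    return struct.unpack("16sH22x", buf)[0].rstrip(b"\0").decode()


def open_tap(name: str) -> int:
    """Open /dev/net/tun and bind it to the existing TAP device `name`.

    Same open flags crosvm itself uses (O_RDWR|O_NONBLOCK|O_CLOEXEC).  The
    kernel allows TUNSETIFF on a persistent device owned by the calling user
    without CAP_NET_ADMIN, which is what removes the need for crosvm to be root.
    """
    fd = os.open("/dev/net/tun", os.O_RDWR | os.O_NONBLOCK | os.O_CLOEXEC)
    try:
        fcntl.ioctl(fd, TUNSETIFF, build_ifreq(name, IFF_TAP | IFF_NO_PI))
    except OSError:
        os.close(fd)
        raise
    return fd


def crosvm_args(tap_fd: int, kernel: str, rootfs: str, extra=()) -> list:
    """Build the crosvm command line.  --host_ip/--netmask/--mac are left out
    on purpose: with any of them present crosvm creates its own TAP device,
    which needs CAP_NET_ADMIN and fails with EPERM otherwise."""
    return ["crosvm", "run", "--tap-fd", str(tap_fd), "--root", rootfs,
            *extra, kernel]


def main(argv: list) -> None:
    # usage: tap_exec.py <tapname> <kernel> <rootfs> [extra crosvm args...]
    if len(argv) < 4:
        sys.exit("usage: tap_exec.py TAPNAME KERNEL ROOTFS [crosvm args...]")
    name, kernel, rootfs, extra = argv[1], argv[2], argv[3], argv[4:]
    fd = open_tap(name)
    # The fd was opened O_CLOEXEC; make it survive the exec so crosvm sees it.
    os.set_inheritable(fd, True)
    os.execvp("crosvm", crosvm_args(fd, kernel, rootfs, extra))


if __name__ == "__main__":
    main(sys.argv)
```

The only privileged step is the one-off `ip tuntap add ... user $USER`; everything after that runs as the ordinary user, which is the same privilege split mktuntap achieves in one process with its drop after binding the device.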
I have many questions :-) But don't feel pressured to answer them; I need to figure out how to make this all work myself anyway, and it's just a bonus if you've already done the work for me...
Well, my ultimate goal is to provide a distribution so that people don't need to figure this stuff out for themselves, but we are a little while away from that. ;)