A week of results!
Fixed a misconfigured spam filter that allowed an obvious spam message through to devel@. Oops.
Integrated the memfd server on the interguest branch. It's now all sandboxed, and optionally enabled with a command-line argument to crosvm run. Not all that much to say here, but it's what took me most of the week!
Getting the sandbox working was a bit weird. When I tried to get it to log seccomp failures, it seemed to just disable the sandbox. I had to track them down with strace instead. Annoying. But the sandbox does work in normal operation.
I still haven't limited how much memory can be requested this way. I think implementing that would be relatively straightforward for another contributor, so I think I'll add it to the ideas list and see if a patch is forthcoming. Otherwise I'll do it myself.
I took my standalone virtio_wl test program, and integrated it into wlroots' allocate_shm_file function. This has the result that, when running under Sommelier, this patched wlroots will request shared memory from the host, rather than allocating it itself. Porting from the standalone test program was nice, because it meant that this all just worked, first try! (Once I got it to compile under Nixpkgs' or wlroots' strict compiler errors, at least.) This will allow that memory to be sent between VMs!
I haven't pushed the patch yet because I haven't integrated it into Spectrum's Nixpkgs yet. I plan to do that next week. I'm starting to think about moving the stuff specific to Spectrum VMs into an overlay, but I need to think a bit about how to structure that.
There's no sign of the expected Chromium OS release so far, so I backported support for multiple virtio_wl sockets from a more recent Chromium OS kernel to the one in Spectrum's Nixpkgs. We need this to be able to dedicate a named socket to the memfd server.
It's been another week where I've been very focused on one task. I'm quite excited about the direction this is all going. It's looking like we'll be able to do almost everything inside VMs, which means it might be possible to have a host kernel that does almost nothing apart from KVM and PCI passthrough?? This would mean we'd end up with a tiny Linux a little bit (but not all that much) like a microkernel, with most hardware interaction and all user programs running in VMs. Cool stuff! It's not clear to me yet the exact extent to which this is achievable, but it's a nice vision to keep in mind. It might also make it easier for us to transition to a true microkernel at some point in the future.
I'm hoping that I'll hit an NLnet milestone related to this stuff fairly soon. Until I do, I'm now living on the money I've received in the past six months through GitHub Sponsors. Thank you so much to everyone who is helping to make it possible for me to spend this time on the fundamentals so we have a good foundation to build Spectrum on. <3