- Spectrum Development - spectrum-os.org

[PATCH v4 0/5]
by Yureka Lilian 24 Sep '25

24 Sep '25

The patches up to and including "vm/sys/net: build against pkgsMusl" can be applied right away, while the last commit ("vm/sys/net: integrate xdp-forwarder") does not make sense without the router. Changes since v3: - Apply suggestions from Demi in meson recipe, prog_*.c - Split out the appSupport -> guestSupport rename into a seperate commit - Split out the switch to pkgsMusl into a separate commit with reasoning - rename set_router_iface to set-router-iface Changes since v2: - Switch xdp-forwarder build to meson - Add guest build variant of spectrum-tools Changes since v1: - rebased - apply new uncrustify config - moved xdp-forwarder to tools/ - split integration into separate commit - use linuxHeaders instead of vmlinux.h - use original xdp-tutorial {parsing,rewrite}_helpers.h - inlined the load scripts into /etc/iface/mdev, using /usr/lib/xdp as fixed prefix for finding the XDP progs - removed the README, added a paragraph to architecture doc instead Yureka Lilian (5): tools: rename guestSupport -> appSupport tools: add xdp-forwarder docs/architecture: add paragraph about networking vm/sys/net: build against pkgsMusl vm/sys/net: integrate xdp-forwarder Documentation/about/architecture.adoc | 20 ++ img/app/default.nix | 4 +- pkgs/default.nix | 8 +- release/checks/pkg-tests.nix | 3 +- tools/default.nix | 21 +- tools/meson.build | 6 +- tools/meson_options.txt | 7 +- tools/shell.nix | 2 +- tools/xdp-forwarder/include/parsing_helpers.h | 274 ++++++++++++++++++ tools/xdp-forwarder/include/rewrite_helpers.h | 146 ++++++++++ tools/xdp-forwarder/meson.build | 48 +++ tools/xdp-forwarder/prog_physical.c | 39 +++ tools/xdp-forwarder/prog_router.c | 43 +++ tools/xdp-forwarder/set_router_iface.c | 30 ++ vm/sys/net/Makefile | 19 +- vm/sys/net/default.nix | 23 +- vm/sys/net/image/etc/fstab | 2 + vm/sys/net/image/etc/mdev/iface | 27 +- vm/sys/net/image/etc/nftables.conf | 8 - vm/sys/net/image/etc/s6-rc/connman/type | 1 - .../net/image/etc/s6-rc/connman/type.license | 2 - .../net/image/etc/s6-rc/mdevd-coldplug/type | 1 - .../net/image/etc/s6-rc/nftables/type.license | 2 - vm/sys/net/image/etc/s6-rc/nftables/up | 6 - 24 files changed, 676 insertions(+), 66 deletions(-) create mode 100644 tools/xdp-forwarder/include/parsing_helpers.h create mode 100644 tools/xdp-forwarder/include/rewrite_helpers.h create mode 100644 tools/xdp-forwarder/meson.build create mode 100644 tools/xdp-forwarder/prog_physical.c create mode 100644 tools/xdp-forwarder/prog_router.c create mode 100644 tools/xdp-forwarder/set_router_iface.c delete mode 100644 vm/sys/net/image/etc/nftables.conf delete mode 100644 vm/sys/net/image/etc/s6-rc/connman/type delete mode 100644 vm/sys/net/image/etc/s6-rc/connman/type.license delete mode 100644 vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type delete mode 100644 vm/sys/net/image/etc/s6-rc/nftables/type.license delete mode 100644 vm/sys/net/image/etc/s6-rc/nftables/up -- 2.51.0

4 15

[PATCH 0/3] Optimize scripts/make-erofs.sh
by Demi Marie Obenour 23 Sep '25

23 Sep '25

In the future this will hopefully be replaced by mkfs.erofs improvements or a C program that calls the erofs library. However, optimizing the script is much simpler for now. Signed-off-by: Demi Marie Obenour <demiobenour(a)gmail.com> --- Demi Marie Obenour (3): scripts/make-erofs.sh: Avoid unneeded calls to awk and chmod scripts/make-erofs.sh: Avoid calls to dirname scripts/make-erofs.sh: Avoid unneeded calls to mkdir scripts/make-erofs.sh | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) --- base-commit: 15ca6c4684313fcc9fcde3bda97d64698bb267ea change-id: 20250919-less-dirname-2218643e73a6 -- Sincerely, Demi Marie Obenour (she/her/hers)

3 16

[PATCH v5 0/4] xdp-forwarder
by Yureka Lilian 23 Sep '25

23 Sep '25

The patches up to and including "vm/sys/net: build against pkgsMusl" can be applied right away, while the last commit ("vm/sys/net: integrate xdp-forwarder") does not make sense without the router. Changes since v4: - Ensure all patches have my Signed-off-by - add native: true to the find_prog(clang) - Remove merge conflicts artifacts in the integration commit Changes since v3: - Apply suggestions from Demi in meson recipe, prog_*.c - Split out the appSupport -> guestSupport rename into a seperate commit - Split out the switch to pkgsMusl into a separate commit with reasoning - rename set_router_iface to set-router-iface Changes since v2: - Switch xdp-forwarder build to meson - Add guest build variant of spectrum-tools Changes since v1: - rebased - apply new uncrustify config - moved xdp-forwarder to tools/ - split integration into separate commit - use linuxHeaders instead of vmlinux.h - use original xdp-tutorial {parsing,rewrite}_helpers.h - inlined the load scripts into /etc/iface/mdev, using /usr/lib/xdp as fixed prefix for finding the XDP progs - removed the README, added a paragraph to architecture doc instead Yureka Lilian (4): tools: add xdp-forwarder docs/architecture: add paragraph about networking vm/sys/net: build against pkgsMusl vm/sys/net: integrate xdp-forwarder Documentation/about/architecture.adoc | 20 ++ pkgs/default.nix | 4 + release/checks/pkg-tests.nix | 1 + tools/default.nix | 14 +- tools/meson.build | 4 + tools/meson_options.txt | 3 + tools/xdp-forwarder/include/parsing_helpers.h | 274 ++++++++++++++++++ tools/xdp-forwarder/include/rewrite_helpers.h | 146 ++++++++++ tools/xdp-forwarder/meson.build | 48 +++ tools/xdp-forwarder/prog_physical.c | 39 +++ tools/xdp-forwarder/prog_router.c | 43 +++ tools/xdp-forwarder/set_router_iface.c | 30 ++ vm/sys/net/Makefile | 8 +- vm/sys/net/default.nix | 23 +- vm/sys/net/image/etc/fstab | 2 + vm/sys/net/image/etc/mdev/iface | 27 +- vm/sys/net/image/etc/nftables.conf | 8 - vm/sys/net/image/etc/s6-rc/connman/type | 1 - .../net/image/etc/s6-rc/connman/type.license | 2 - .../net/image/etc/s6-rc/mdevd-coldplug/type | 1 - .../net/image/etc/s6-rc/nftables/type.license | 2 - vm/sys/net/image/etc/s6-rc/nftables/up | 6 - 22 files changed, 647 insertions(+), 59 deletions(-) create mode 100644 tools/xdp-forwarder/include/parsing_helpers.h create mode 100644 tools/xdp-forwarder/include/rewrite_helpers.h create mode 100644 tools/xdp-forwarder/meson.build create mode 100644 tools/xdp-forwarder/prog_physical.c create mode 100644 tools/xdp-forwarder/prog_router.c create mode 100644 tools/xdp-forwarder/set_router_iface.c delete mode 100644 vm/sys/net/image/etc/nftables.conf delete mode 100644 vm/sys/net/image/etc/s6-rc/connman/type delete mode 100644 vm/sys/net/image/etc/s6-rc/connman/type.license delete mode 100644 vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type delete mode 100644 vm/sys/net/image/etc/s6-rc/nftables/type.license delete mode 100644 vm/sys/net/image/etc/s6-rc/nftables/up -- 2.51.0

2 5

[PATCH] tools/start-vmm: Add additional warning options
by Demi Marie Obenour 23 Sep '25

23 Sep '25

This detected a missing prototype. No functional change. Signed-off-by: Demi Marie Obenour <demiobenour(a)gmail.com> --- tools/meson.build | 2 ++ tools/start-vmm/ch.h | 1 + 2 files changed, 3 insertions(+) diff --git a/tools/meson.build b/tools/meson.build index 9cebd03e323531fca7600cacf120161a98de16c5..8262f3e01d7bd56561306d7dd4650a22ca40ebe7 100644 --- a/tools/meson.build +++ b/tools/meson.build @@ -9,6 +9,8 @@ project('spectrum-tools', 'c', }) add_project_arguments('-Wno-error=attributes', language : 'c') +add_project_arguments('-Werror=missing-prototypes', language : 'c') +add_project_arguments('-Werror=missing-declarations', language : 'c') if get_option('host') add_languages('rust') diff --git a/tools/start-vmm/ch.h b/tools/start-vmm/ch.h index 7230913ef0abf41a4f712ac4a543c7f7fdecec0f..5431365e6e2894cdebae22a9a44e2ccf1222e0d2 100644 --- a/tools/start-vmm/ch.h +++ b/tools/start-vmm/ch.h @@ -8,3 +8,4 @@ struct net_config { char id[18]; uint8_t mac[6]; }; +struct net_config net_setup(const char name[static 1], int name_len); --- base-commit: edd53bb5dd9b682fec744d6df7921b64e0f56565 change-id: 20250918-more-c-warnings-1-239a405997c0 -- Sincerely, Demi Marie Obenour (she/her/hers)

3 9

Re: [PATCH v4 2/5] tools: add xdp-forwarder
by Alyssa Ross 23 Sep '25

23 Sep '25

Yureka <yuka(a)yuka.dev> writes: > On 9/23/25 17:14, Alyssa Ross wrote: >> Yureka Lilian <yureka(a)cyberchaos.dev> writes: >>> @@ -88,12 +94,15 @@ stdenv.mkDerivation (finalAttrs: { >>> mesonFlags = [ >>> (lib.mesonBool "app" appSupport) >>> (lib.mesonBool "host" hostSupport) >>> + (lib.mesonBool "driver" driverSupport) >>> "-Dhostfsrootdir=/run/virtiofs/virtiofs0" >>> "-Dtests=false" >>> "-Dunwind=false" >>> "-Dwerror=true" >>> ]; >>> >>> + hardeningDisable = lib.optionals driverSupport [ "zerocallusedregs" ]; >>> + >> Could we instead do this in bpf_o_cmd, so it's not disabled for >> userspace programs? > This environment variable works on the stdenv level, so it is difficult > to mix it in from the meson recipe. Any way to do this would add NixOS > specifics to the meson recipe and doesn't feel quite right. The environment variable in stdenv just adds -fzero-call-used-regs=used-gpr to the compiler flags, before the ones given on the command line, so I was thinking we could just add -fzero-call-used-regs=skip (the default) to bpf_o_cmd, to explicitly say we don't want it for these compiler invocations. It'll override the option given by the compiler wrapper, and won't do anything Nix-specific — it would be the right thing for other distros that change compiler defaults as well, which I think is not that uncommon. >>> diff --git a/tools/xdp-forwarder/meson.build b/tools/xdp-forwarder/meson.build >>> new file mode 100644 >>> index 0000000..e6d91ca >>> --- /dev/null >>> +++ b/tools/xdp-forwarder/meson.build >>> @@ -0,0 +1,48 @@ >>> +# SPDX-License-Identifier: EUPL-1.2+ >>> +# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka(a)cyberchaos.dev> >>> +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour(a)gmail.com> >>> + >>> +libbpf = dependency('libbpf', version : '1.6.2') >>> + >>> +executable('set-router-iface', 'set_router_iface.c', >>> + dependencies : libbpf, >>> + install : true) >>> + >>> +clang = find_program('clang') >> Should be native: true I think. > I can't find a parameter 'native' for find_program() in the meson docs. > Can you explain why this option is needed? Is it to prevent passing two > --target args when cross-compiling? It's to prevent it trying to execute clang for the system you're building for. You'd use find_program(…, native: false) (the default) if you wanted to embed the path to that program in your binary, for example. Documentation is here: https://mesonbuild.com/Reference-manual_functions.html#find_program_native

2 2

[PATCH 00/20] Many image fixes and systemd integration
by Demi Marie Obenour 21 Sep '25

21 Sep '25

Patches 1 through 19 are all fixes or enhancements to the image build process. There are other changes that need to be done around error handling, but these are all useful regardless. See the individual commit messages for details. Notably, one of these patches standardizes file modes so that they are not dependent on the permissions in the user's git repository (except for whether the executable bit is set, which git stores). This is because that depends on things like the user's umask, and thus should have no effect on the image. Patch 20 switches from s6-linux-init to systemd. This is not intended for merging, at least not yet. However, it *is* meant to show the beginning of how Spectrum could benefit from systemd's features. Notably, this patch reduces the amount of code. This is despite all Spectrum-specific services still being managed by s6 and additional complexity in the Nix files being needed to work around nixpkgs not using standard directories to find things like systemd unit files and PAM modules. It's also worth noting that at least GNOME has a fairly hard dependency on systemd, but I doubt COSMIC will as parts of it are even used on Redox, which definitely does not run systemd! Signed-off-by: Demi Marie Obenour <demiobenour(a)gmail.com> --- Demi Marie Obenour (20): scripts/make-erofs.sh: Ensure that / is world-readable scripts/make-erofs.sh: Do not read one byte at a time scripts/make-erofs.sh: Avoid unneeded calls to awk and chmod scripts/make-erofs.sh: Validate all paths scripts/make-erofs.sh: Avoid unneeded calls to dirname scripts/make-erofs.sh: Avoid unneeded calls to mkdir scripts/make-erofs.sh: Standardize file modes in images Standardize directories and symlinks in images Add os-release file host/rootfs: Set -eu in build Add /dev/fd and /dev/std* host/rootfs: Do not read from /dev/tty1 host/rootfs: pass API socket as fd 3, not fd 0 host/rootfs: Disable unneeded BusyBox tools host/rootfs: Use real less, not BusyBox less host/rootfs: explicitly set PATH in network add script Use /etc/s6-rc/compiled for compiled s6-rc directory host/rootfs: virtiofsd: Do not use FD 0 as the socket host/rootfs: Disable unneeded busybox stuff host/rootfs: Switch to systemd LICENSES/ISC.txt | 11 - host/initramfs/etc/init | 7 +- host/rootfs/Makefile | 186 +++++------ host/rootfs/bin | 1 - host/rootfs/default.nix | 347 +++++++++++++++------ host/rootfs/etc/group | 1 - host/rootfs/etc/init | 10 +- host/rootfs/etc/machine-id | 0 host/rootfs/etc/mdev.conf | 7 - host/rootfs/etc/mdev/listen | 11 - host/rootfs/etc/mdev/net/add | 1 + host/rootfs/etc/mdev/wait | 14 - host/rootfs/etc/os-release | 12 + host/rootfs/etc/os-release.license | 2 + host/rootfs/etc/pam.d/login | 9 + host/rootfs/etc/passwd | 1 - host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY | 1 - .../etc/s6-linux-init/env/WAYLAND_DISPLAY.license | 2 - host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR | 1 - .../etc/s6-linux-init/env/XDG_RUNTIME_DIR.license | 2 - .../etc/s6-linux-init/run-image/opengl-driver | 1 - .../s6-linux-init/run-image/service/getty-tty1/run | 5 - .../s6-linux-init/run-image/service/getty-tty2/run | 5 - .../s6-linux-init/run-image/service/getty-tty3/run | 5 - .../s6-linux-init/run-image/service/getty-tty4/run | 5 - .../run-image/service/s6-svscan-log/run | 6 - .../run-image/service/serial-getty-generator/run | 43 --- .../run-image/service/serial-getty/template/run | 5 - .../run-image/service/vmm/template/run | 1 - .../notification-fd.license | 2 - .../service/xdg-desktop-portal-spectrum-host/run | 5 - .../template/notification-fd | 1 - host/rootfs/etc/s6-linux-init/scripts/rc.init | 10 - host/rootfs/etc/s6-rc/card0/type | 1 - host/rootfs/etc/s6-rc/card0/type.license | 2 - host/rootfs/etc/s6-rc/card0/up | 4 - host/rootfs/etc/s6-rc/core/type | 1 - host/rootfs/etc/s6-rc/core/type.license | 2 - host/rootfs/etc/s6-rc/kvm/timeout-up | 1 - host/rootfs/etc/s6-rc/kvm/timeout-up.license | 2 - host/rootfs/etc/s6-rc/kvm/type | 1 - host/rootfs/etc/s6-rc/kvm/type.license | 2 - host/rootfs/etc/s6-rc/kvm/up | 4 - host/rootfs/etc/s6-rc/mdevd-coldplug/dependencies | 4 - host/rootfs/etc/s6-rc/mdevd-coldplug/type | 1 - host/rootfs/etc/s6-rc/mdevd-coldplug/type.license | 2 - host/rootfs/etc/s6-rc/mdevd-coldplug/up | 4 - host/rootfs/etc/s6-rc/mdevd/notification-fd | 1 - .../rootfs/etc/s6-rc/mdevd/notification-fd.license | 2 - host/rootfs/etc/s6-rc/mdevd/run | 5 - host/rootfs/etc/s6-rc/mdevd/type | 1 - host/rootfs/etc/s6-rc/mdevd/type.license | 2 - host/rootfs/etc/s6-rc/ok-all/contents | 3 +- host/rootfs/etc/s6-rc/static-nodes/type | 1 - host/rootfs/etc/s6-rc/static-nodes/type.license | 2 - host/rootfs/etc/s6-rc/static-nodes/up | 26 -- host/rootfs/etc/s6-rc/sys-vmms/dependencies | 4 - host/rootfs/etc/s6-rc/vm-env/contents | 5 - host/rootfs/etc/s6-rc/vm-env/type | 1 - host/rootfs/etc/s6-rc/vm-env/type.license | 2 - host/rootfs/etc/s6-rc/vmm-env/contents | 6 - host/rootfs/etc/s6-rc/vmm-env/type | 1 - host/rootfs/etc/s6-rc/vmm-env/type.license | 2 - host/rootfs/etc/s6-rc/weston/dependencies | 4 - host/rootfs/etc/s6-rc/weston/run | 7 +- host/rootfs/etc/security/namespace.conf | 0 .../etc/{s6-rc/core/up => sysctl.d/spectrum.conf} | 3 +- .../systemd-veritysetup-generator | 1 + .../etc/systemd/system.conf.d/zspectrum.conf | 25 ++ host/rootfs/etc/systemd/system/-.slice | 5 + .../default.target.requires/s6-init-start.service | 1 + .../s6-init-start.service | 1 + .../s6-init-start.service | 1 + .../etc/systemd/system/s6-init-start.service | 25 ++ .../system/serial-getty@.service.d/90_force.conf | 6 + .../90_spectrum.conf | 4 + .../system/user@.service.d/99_spectrum-uid.conf | 4 + host/rootfs/etc/tmpfiles.d/99-spectrum.conf | 8 + host/rootfs/etc/udev/rules.d/99-spectrum-kvm.rules | 8 + host/rootfs/lib | 1 - host/rootfs/sbin | 1 - host/rootfs/shell.nix | 3 +- host/rootfs/usr/bin/run-appimage | 2 +- host/rootfs/usr/bin/run-vmm | 5 +- host/rootfs/usr/bin/vm-start | 2 +- host/rootfs/usr/lib/spectrum/s6-start | 5 + .../share/spectrum}/service/dbus/notification-fd | 0 .../spectrum}/service/dbus/notification-fd.license | 0 .../share/spectrum}/service/dbus/run | 0 .../share/spectrum/service/dbus/template/log/run | 4 + .../service/dbus/template/notification-fd | 0 .../service/dbus/template/notification-fd.license | 0 .../share/spectrum}/service/dbus/template/run | 2 +- .../service/s6-svscan-log/notification-fd | 0 .../service/s6-svscan-log/notification-fd.license | 0 .../usr/share/spectrum/service/s6-svscan-log/run | 4 + .../service/vhost-user-fs}/notification-fd | 0 .../service/vhost-user-fs}/notification-fd.license | 0 .../share/spectrum/service/vhost-user-fs}/run | 0 .../service/vhost-user-fs/template/log/run | 4 + .../vhost-user-fs/template}/notification-fd | 0 .../vhost-user-fs/template/notification-fd.license | 0 .../spectrum}/service/vhost-user-fs/template/run | 5 +- .../service/vhost-user-gpu}/notification-fd | 0 .../vhost-user-gpu}/notification-fd.license | 0 .../share/spectrum/service/vhost-user-gpu}/run | 0 .../service/vhost-user-gpu/template/data/check | 0 .../service/vhost-user-gpu/template/log/run | 4 + .../vhost-user-gpu/template}/notification-fd | 0 .../template/notification-fd.license | 0 .../spectrum}/service/vhost-user-gpu/template/run | 0 .../spectrum}/service/vhost-user-gpu/template/type | 0 .../service/vhost-user-gpu/template/type.license | 0 host/rootfs/usr/share/spectrum/service/vmm/log/run | 4 + .../share/spectrum/service/vmm}/notification-fd | 0 .../spectrum/service/vmm}/notification-fd.license | 0 .../share/spectrum/service/vmm}/run | 0 .../share/spectrum/service/vmm/template/log/run | 4 + .../spectrum/service/vmm/template}/notification-fd | 0 .../service/vmm/template}/notification-fd.license | 0 .../usr/share/spectrum/service/vmm/template/run | 1 + .../xdg-desktop-portal-spectrum-host/log/run | 4 + .../notification-fd | 0 .../notification-fd.license | 0 .../service/xdg-desktop-portal-spectrum-host}/run | 0 .../template/log/run | 4 + .../template}/notification-fd | 0 .../template/notification-fd.license | 0 .../xdg-desktop-portal-spectrum-host/template/run | 0 img/app/Makefile | 15 +- img/app/bin | 1 - img/app/default.nix | 101 +++--- img/app/etc/os-release | 12 + img/app/etc/os-release.license | 2 + img/app/etc/s6-linux-init/scripts/rc.init | 2 +- img/app/sbin | 1 - release/checks/integration/networking.c | 2 +- release/checks/integration/portal.c | 2 +- scripts/make-erofs.sh | 152 ++++++++- vm/sys/net/Makefile | 15 +- vm/sys/net/bin | 1 - vm/sys/net/default.nix | 2 + vm/sys/net/etc/os-release | 12 + vm/sys/net/etc/os-release.license | 2 + vm/sys/net/etc/s6-linux-init/scripts/rc.init | 7 +- vm/sys/net/lib | 1 - vm/sys/net/sbin | 1 - vm/sys/net/var/run | 1 - 148 files changed, 754 insertions(+), 555 deletions(-) --- base-commit: 0ac65013a1a29e91ea8476f39113e3598eb0e535 change-id: 20250815-systemd-2cdd0b578a86 -- Sincerely, Demi Marie Obenour (she/her/hers)

3 65

[PATCH] Do not ignore errors from tar
by Demi Marie Obenour 21 Sep '25

21 Sep '25

These would be ignored due to a missing -o pipefail in the shell script. As a result, listing nonexistent s6-rc-compile inputs would cause a broken image to be successfully built. Also remove newlines that broke Vim syntax highlighting. Reported-by: Alyssa Ross <hi(a)alyssa.is> Link: https://spectrum-os.org/lists/archives/spectrum-devel/87segu879h.fsf@alyssa… Signed-off-by: Demi Marie Obenour <demiobenour(a)gmail.com> --- host/rootfs/Makefile | 5 ++--- img/app/Makefile | 5 ++--- vm/sys/net/Makefile | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index b11ba50f369c3440572e06a7eaca429fbe6746a1..322d75026dbcba4301f26abfbf74efa8cc68cdfd 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -168,9 +168,8 @@ S6_RC_FILES = \ build/etc/s6-rc: $(S6_RC_FILES) mkdir -p $$(dirname $@) rm -rf $@ - - dir=$$(mktemp -d) && \ - tar -c $(S6_RC_FILES) | tar -C $$dir -x --strip-components 3 && \ + set -uo pipefail && dir=$$(mktemp -d) && \ + { tar -c $(S6_RC_FILES) | tar -C $$dir -x --strip-components 3; } && \ s6-rc-compile $@ $$dir; \ exit=$$?; rm -r $$dir; exit $$exit diff --git a/img/app/Makefile b/img/app/Makefile index c83b37364c16576e2609f5005b8a6092b644867b..8b9ecf990fe10adb7aa19b46935826d684f10686 100644 --- a/img/app/Makefile +++ b/img/app/Makefile @@ -116,9 +116,8 @@ VM_S6_RC_FILES = \ build/etc/s6-rc: $(VM_S6_RC_FILES) mkdir -p $$(dirname $@) rm -rf $@ - - dir=$$(mktemp -d) && \ - tar -c $(VM_S6_RC_FILES) | tar -C $$dir -x --strip-components 3 && \ + set -uo pipefail && dir=$$(mktemp -d) && \ + { tar -c $(VM_S6_RC_FILES) | tar -C $$dir -x --strip-components 3; } && \ s6-rc-compile $@ $$dir; \ exit=$$?; rm -r $$dir; exit $$exit diff --git a/vm/sys/net/Makefile b/vm/sys/net/Makefile index 79be242ea26e37d6f02af8761320de27d69d5b69..0193cc8c09f895a6021de0d02fde20362818e185 100644 --- a/vm/sys/net/Makefile +++ b/vm/sys/net/Makefile @@ -81,9 +81,8 @@ VM_S6_RC_FILES = \ build/etc/s6-rc: $(VM_S6_RC_FILES) mkdir -p $$(dirname $@) rm -rf $@ - - dir=$$(mktemp -d) && \ - tar -c $(VM_S6_RC_FILES) | tar -C $$dir -x --strip-components 3 && \ + set -uo pipefail && dir=$$(mktemp -d) && \ + { tar -c $(VM_S6_RC_FILES) | tar -C $$dir -x --strip-components 3; } && \ s6-rc-compile $@ $$dir; \ exit=$$?; rm -r $$dir; exit $$exit --- base-commit: 15ca6c4684313fcc9fcde3bda97d64698bb267ea change-id: 20250919-no-ignore-tar-errors-cea4c781cbbf -- Sincerely, Demi Marie Obenour (she/her/hers)

3 2

Sandboxing strategy
by Demi Marie Obenour 19 Sep '25

19 Sep '25

I was thinking about how to sandbox the various per-VM daemons and came up with the following strategy: - Each VM gets its own PID and mount namespace and set of user IDs. - Mount namespace includes /proc, /sys, /dev, and the host rootfs. - Each service gets its own /tmp and /dev/shm if they are needed at all. - virtiofsd gets r/w access to the VM private storage. - IPC namespaces are irrelevant because the kernel is built without System V IPC or POSIX message queues. - Sending signals between services in the namespace is blocked by Landlock. Landlock also blocks ptrace() and other nastiness, as well as communication via abstract AF_UNIX sockets. - Since AF_UNIX abstract sockets between services are blocked by Landlock and Spectrum builds without IP or even Ethernet on the host there is no need for network namespacing. - The sandbox manager is PID 1 in the VM's PID namespace. When s6 tells it to shut down, it tries to gracefully shut down the VM. After a timeout or once the VM has shut down, it exits, and Linux automatically kills all the processes and cleans up the mount namespace. - The sandbox manager uses prctl(PR_SET_PDEATHSIG) to ensure it dies if the parent s6 process dies. This requires s6 to provide its own PID to avoid races, but that is easy to implement. All of this behavior will be hard-coded into C and Rust source code, so it will be vastly simpler than a generic program that must support many use-cases. -- Sincerely, Demi Marie Obenour (she/her/hers)

2 7

[PATCH] tools/start-vmm: Don't disable improper_ctypes
by Demi Marie Obenour 19 Sep '25

19 Sep '25

The code didn't use improper ctypes. Signed-off-by: Demi Marie Obenour <demiobenour(a)gmail.com> --- tools/start-vmm/net.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/start-vmm/net.rs b/tools/start-vmm/net.rs index c6f5ff1baf2ecedc099ac529e6dbf2711aaae385..1e4665ceb02c9a8899231a100e631f6ce425994d 100644 --- a/tools/start-vmm/net.rs +++ b/tools/start-vmm/net.rs @@ -42,7 +42,6 @@ extern "C" { /// The rest of the result is only valid if the returned fd is not -1. // SAFETY: &Path is sized, so it's okay to pass a reference to it // to C, as long as it's opaque to C. - #[allow(improper_ctypes)] pub fn net_setup(name: *const c_char, len: c_int) -> NetConfigC; } --- base-commit: edd53bb5dd9b682fec744d6df7921b64e0f56565 change-id: 20250918-no-improper-ctypes-72bdc9037e4e -- Sincerely, Demi Marie Obenour (she/her/hers)

2 1

[PATCH 0/3] Minor improvements to the Spectrum OS boot process
by Demi Marie Obenour 19 Sep '25

19 Sep '25

These are all very minor changes. Patch 1 switches from Busybox switch_root to the util-linux version. Since util-linux moves /dev, /sys, and /proc to the root filesystem, three calls to mount go away. Patch 2 adds /dev/fd, /dev/stdin, /dev/stdout, and /dev/stderr symlinks, to avoid compatibility problems with Spectrum OS's third-party dependencies. Patch 3 avoids mounting /proc and /sys in the main system, as the initramfs already did this. Signed-off-by: Demi Marie Obenour <demiobenour(a)gmail.com> --- Demi Marie Obenour (3): host/initramfs: Use util-linux switch_root Add /dev/fd and /dev/std* host/rootfs: Avoid redundant mounts of /proc and /sys host/initramfs/default.nix | 3 ++- host/initramfs/etc/init | 4 ---- host/rootfs/etc/fstab | 2 -- host/rootfs/etc/init | 8 ++++++++ vm/sys/net/etc/init | 8 ++++++++ 5 files changed, 18 insertions(+), 7 deletions(-) --- base-commit: f14abeb3db2c1c47658fa1809f3fde379e41d632 change-id: 20250914-util-linux-switch-root-10034b149e45 -- Sincerely, Demi Marie Obenour (she/her/hers)

3 13