This restricts the access of these programs to the system. Seccomp is not enabled, though, and the processes still run as root. Full sandboxing needs additional work. In particular, Cloud Hypervisor should receive access to VFIO devices via file descriptor passing. Sandboxing Cloud Hypervisor requires the use of sh, as there is no s6 or execline program to increase hard resource limits.

D-Bus and the portal are not sandboxed. They have full access to all user files by design, so a breach of either is catastrophic no matter what. Furthermore, sandboxing them even slightly proved very difficult.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
Changes in v2:
- Sandbox Cloud Hypervisor, virtiofsd, and the router
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251129-sandbox-v1-1-...

---
Demi Marie Obenour (4):
      host/rootfs: Sandbox crosvm
      host/rootfs: Sandbox router
      host/rootfs: Sandbox virtiofsd
      host/rootfs: Sandbox Cloud Hypervisor

 host/rootfs/default.nix                            |  4 +--
 .../template/data/service/spectrum-router/run     | 19 +++++++++++--
 .../template/data/service/vhost-user-fs/run       | 28 ++++++++++++++++--
 .../template/data/service/vhost-user-gpu/run      | 24 +++++++++++++++-
 .../image/etc/udev/rules.d/99-spectrum.rules      |  3 ++
 host/rootfs/image/usr/bin/run-vmm                 | 33 +++++++++++++++++++---
 6 files changed, 98 insertions(+), 13 deletions(-)
---
base-commit: 44f32b7a4b3cfbb4046447318e6753dd0eb71add
change-id: 20251129-sandbox-5a42a6a41b59

--
Sincerely,
Demi Marie Obenour (she/her/hers)