[PATCH 2/2] host/rootfs: disable CONFIG_PROC_SCSI in kernel

15 Dec 2025

This is a legacy interface.  I doubt anything in Spectrum depends on
it.  The previous approach of masking it out with Bubblewrap failed on
aarch64, where it was already disabled in the kernel config.

Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
This also means the floodgates are now open for any other rootfs kernel 
changes that anybody wants to propose.

 host/rootfs/default.nix                                     | 6 +++++-
 .../vm-services/template/data/service/vhost-user-gpu/run    | 2 --
 host/rootfs/image/usr/bin/run-vmm                           | 2 --
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index 66aa366..26757ef 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -49,7 +49,11 @@ let
     system.stateVersion = trivial.release;
   });
 
-  kernel = linux_latest;
+  kernel = linux_latest.override {
+    structuredExtraConfig = with lib.kernel; {
+      SCSI_PROC_FS = no;
+    };
+  };
 
   appvm = callSpectrumPackage ../../img/app { inherit (foot) terminfo; };
   netvm = callSpectrumPackage ../../vm/sys/net { inherit (foot) terminfo; };
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
index e063a82..bdd842e 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
@@ -31,8 +31,6 @@ bwrap
   --disable-userns
   --proc /proc
   --ro-bind /proc/sys /proc/sys
-  --tmpfs /proc/scsi
-  --remount-ro /proc/scsi
   --tmpfs /proc/acpi
   --remount-ro /proc/acpi
   --tmpfs /proc/fs
diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm
index e30b14c..d71f7eb 100755
--- a/host/rootfs/image/usr/bin/run-vmm
+++ b/host/rootfs/image/usr/bin/run-vmm
@@ -104,8 +104,6 @@ bwrap
   --bind /run /run
   --proc /proc
   --ro-bind /proc/sys /proc/sys
-  --tmpfs /proc/scsi
-  --remount-ro /proc/scsi
   --tmpfs /proc/acpi
   --remount-ro /proc/acpi
   --tmpfs /proc/fs
-- 
2.51.0

    