This restricts the access of these programs to the system. Seccomp is not enabled, though, and the processes still run as root. Full sandboxing needs additional work. In particular, Cloud Hypervisor should receive access to VFIO devices via file descriptor passing.

D-Bus and the portal are not sandboxed. They have full access to all user files by design, so a breach of either is catastrophic no matter what. Furthermore, sandboxing them even slightly proved very difficult.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
Changes in v3:
- Protect bus daemon and portal from other services.
- Use s6-softlimit instead of sh to set hard RLIMIT_MEMLOCK.
- Link to v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251201-sandbox-v2-0-...

Changes in v2:
- Sandbox Cloud Hypervisor, virtiofsd, and the router
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251129-sandbox-v1-1-...

---
Demi Marie Obenour (5):
      host/rootfs: Sandbox crosvm
      host/rootfs: Sandbox router
      host/rootfs: Unshare a few more namespaces in virtiofsd
      host/rootfs: Sandbox Cloud Hypervisor
      host/rootfs: Try to protect the portal and dbus daemon

 host/rootfs/default.nix                              |  4 +--
 .../vm-services/template/data/service/dbus/run       |  1 +
 .../template/data/service/spectrum-router/run        | 19 +++++++++++--
 .../template/data/service/vhost-user-fs/run          |  2 +-
 .../template/data/service/vhost-user-gpu/run         | 29 +++++++++++++++++++
 .../image/etc/udev/rules.d/99-spectrum.rules         |  3 ++
 host/rootfs/image/usr/bin/run-vmm                    | 33 +++++++++++++++++++++-
 7 files changed, 84 insertions(+), 7 deletions(-)
---
base-commit: 36d857a937900f85b460e9b3db89cf79737bd72c
change-id: 20251129-sandbox-5a42a6a41b59

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)