This restricts the access of these programs to the system.  Seccomp is not
enabled, though, and the processes still run as root.  Full sandboxing
needs additional work.  In particular, Cloud Hypervisor should receive
access to VFIO devices via file descriptor passing.

D-Bus, the portals, and Weston only unshare cgroup, IPC, network, and UTS
namespaces.  Unsharing mount namespaces breaks the file portal.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
Changes in v4:
- Unshare cgroup, IPC, network, and UTS namespaces from Weston.
- Unshare cgroup and UTS namespaces from D-Bus.
- Link to v3: https://spectrum-os.org/lists/archives/spectrum-devel/20251203-sandbox-v3-0-...

Changes in v3:
- Protect bus daemon and portal from other services.
- Use s6-softlimit instead of sh to set hard RLIMIT_MEMLOCK.
- Link to v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251201-sandbox-v2-0-...

Changes in v2:
- Sandbox Cloud Hypervisor, virtiofsd, and the router
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251129-sandbox-v1-1-...

---
Demi Marie Obenour (6):
      host/rootfs: Sandbox crosvm
      host/rootfs: Sandbox router
      host/rootfs: Unshare a few more namespaces in virtiofsd
      host/rootfs: Sandbox Cloud Hypervisor
      host/rootfs: Try to protect the portal and dbus daemon
      host/rootfs: "Sandbox" Weston

 host/rootfs/default.nix                            |  4 +--
 .../vm-services/template/data/service/dbus/run     |  5 ++++
 .../template/data/service/spectrum-router/run      | 19 +++++++++++--
 .../template/data/service/vhost-user-fs/run        |  2 +-
 .../template/data/service/vhost-user-gpu/run       | 29 +++++++++++++++++++
 host/rootfs/image/etc/s6-rc/weston/run             |  5 ++++
 .../image/etc/udev/rules.d/99-spectrum.rules       |  3 ++
 host/rootfs/image/usr/bin/run-vmm                  | 33 +++++++++++++++++++++-
 8 files changed, 93 insertions(+), 7 deletions(-)
---
base-commit: de3a8808f390bdce421077a62107f1d8bdeff22c
change-id: 20251129-sandbox-5a42a6a41b59

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
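The cover letter says D-Bus, the portals and Weston unshare only the cgroup, IPC, network and UTS namespaces and deliberately leave the mount namespace shared. The following C program is an added illustration of that exact namespace split, not code from the patch series or from Spectrum: it forks a child, has the child call unshare(2) with those four CLONE_NEW* flags, and then compares /proc/self/ns inode numbers between parent and child to show which namespaces were actually separated and that the mount namespace is still the same one. The retry inside a fresh user namespace for unprivileged callers is an assumption made for the example so it can be run without root; the series itself runs the services as root and does not do that. It requires Linux with /proc mounted.

```c
// Added example (not from the patch series): unshare the same four namespace
// types the cover letter lists for D-Bus, the portals and Weston, and check
// via /proc/self/ns which namespaces changed and that the mount namespace
// is still shared with the parent.
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

// Namespace links under /proc/self/ns, in bitmask order.
static const char *const NS_NAMES[] = {"cgroup", "ipc", "net", "uts", "mnt"};
#define NS_COUNT 5
#define NS_CGROUP (1 << 0)
#define NS_IPC    (1 << 1)
#define NS_NET    (1 << 2)
#define NS_UTS    (1 << 3)
#define NS_MNT    (1 << 4)
// What the cover letter describes: everything except mount unshared.
#define NS_EXPECTED (NS_CGROUP | NS_IPC | NS_NET | NS_UTS)

// Inode number of /proc/self/ns/<name>, or 0 on error.  Two processes are
// in the same namespace exactly when these inode numbers are equal.
unsigned long ns_inode(const char *name) {
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/self/ns/%s", name);
    if (stat(path, &st) != 0) return 0;
    return (unsigned long)st.st_ino;
}

// Forks a child that unshares cgroup, IPC, network and UTS (but not mount)
// and returns a bitmask of the namespaces in which the child now differs
// from the parent.  Returns -errno if unshare itself failed.  Unprivileged
// callers get one retry inside a new user namespace (an assumption for this
// example; the patch series runs its services as root and does not do this).
int unshare_and_compare(void) {
    unsigned long parent[NS_COUNT];
    for (int i = 0; i < NS_COUNT; i++) parent[i] = ns_inode(NS_NAMES[i]);

    int fds[2];
    if (pipe(fds) != 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) return -errno;

    if (pid == 0) {
        close(fds[0]);
        int flags = CLONE_NEWCGROUP | CLONE_NEWIPC | CLONE_NEWNET | CLONE_NEWUTS;
        int rc = unshare(flags);
        // CLONE_NEWUSER is applied first by the kernel, granting the
        // capabilities needed for the other four inside the new user ns.
        if (rc != 0 && errno == EPERM) rc = unshare(flags | CLONE_NEWUSER);
        long result = 0;
        if (rc != 0) {
            result = -errno;
        } else {
            for (int i = 0; i < NS_COUNT; i++)
                if (ns_inode(NS_NAMES[i]) != parent[i]) result |= 1L << i;
        }
        if (write(fds[1], &result, sizeof result) != sizeof result) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    long result = -EIO;
    if (read(fds[0], &result, sizeof result) != sizeof result) result = -EIO;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return (int)result;
}

int main(void) {
    int r = unshare_and_compare();
    if (r < 0) { printf("unshare failed: %s\n", strerror(-r)); return 1; }
    for (int i = 0; i < NS_COUNT; i++)
        printf("%-6s %s\n", NS_NAMES[i], (r & (1 << i)) ? "unshared" : "shared");
    return r == NS_EXPECTED ? 0 : 1;
}
```

On a host where the unshare is permitted, the output lists cgroup, ipc, net and uts as unshared and mnt as shared; the unchanged mount namespace is the property the cover letter relies on so the file portal keeps working. Under a seccomp profile or a kernel that forbids the call, the program reports the errno it got instead.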