Hello. On Sat, Aug 16, 2025 at 07:11:32PM -0400, Demi Marie Obenour <demiobenour@gmail.com> wrote:
> If the Cloud Hypervisor instance is stopped or exits, the others should be stopped automatically, as they have no other use. Having BindsTo=, After=, PropagatesStopTo=, and PropagatesReloadTo= should handle most cases, but I don't know if that is sufficient if Cloud Hypervisor exits spontaneously (because the guest shut down) or crashes.
Maybe vm.service Wants=crosvm.service ... xdg-desktop-portal.service, and each of the supporting services would have StopWhenUnneeded=true.
> Additionally, these services have different sandboxing needs. Cloud Hypervisor should only be able to connect to its own instance of the daemons that serve it, rather than to any instance. crosvm needs GPU and Wayland access and vhost-device-sound needs to connect to PipeWire. virtiofsd needs an id-mapped mount. I would also like to block abstract AF_UNIX socket access.
> Are there existing systemd features that can easily meet these needs?
See JoinsNamespaceOf= (systemd.unit(5)) to check whether it'd cover your usage.

HTH,
Michal
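One way to wire both suggestions together (lifecycle via Wants=/BindsTo=/StopWhenUnneeded=, isolation via JoinsNamespaceOf=), as an added example that is not from this thread: unit names, socket paths and ExecStart= lines are placeholders, and the same helper pattern would be repeated for crosvm and vhost-device-sound.

```ini
# vm.service (hypothetical unit; the command line is a placeholder)
[Unit]
Description=Cloud Hypervisor guest
# Pull in the helpers and start after them so their sockets exist first.
Wants=virtiofsd.service crosvm.service vhost-device-sound.service
After=virtiofsd.service crosvm.service vhost-device-sound.service
# An explicit "systemctl stop vm.service" also stops the helpers; a crash or a
# guest-initiated shutdown is covered by BindsTo= in the helper units below.
PropagatesStopTo=virtiofsd.service crosvm.service vhost-device-sound.service

[Service]
ExecStart=/usr/bin/cloud-hypervisor --api-socket /tmp/ch-api.sock
# Private network, IPC and /tmp namespaces. Abstract AF_UNIX sockets are scoped
# to the network namespace, so only peers that join this namespace are reachable.
PrivateNetwork=yes
PrivateIPC=yes
PrivateTmp=yes
RestrictAddressFamilies=AF_UNIX AF_VSOCK
NoNewPrivileges=yes
ProtectSystem=strict

# virtiofsd.service (hypothetical; crosvm.service would additionally need
# DeviceAllow= for its DRM render node and BindPaths= for the Wayland socket)
[Unit]
Description=virtiofsd for vm.service
# Stop whenever vm.service becomes inactive, whatever the reason ...
BindsTo=vm.service
# ... and also once no active unit Wants= this helper any more.
StopWhenUnneeded=yes
# Share vm.service's private network, IPC and /tmp namespaces (needs the same
# Private*= settings on both units), so the vhost-user socket below is visible
# only to this VM and not to any other Cloud Hypervisor instance.
JoinsNamespaceOf=vm.service

[Service]
ExecStart=/usr/libexec/virtiofsd --socket-path=/tmp/virtiofs.sock --shared-dir=/srv/guest
PrivateNetwork=yes
PrivateIPC=yes
PrivateTmp=yes
RestrictAddressFamilies=AF_UNIX
NoNewPrivileges=yes
```

Helpers that need filesystem-path sockets (Wayland, PipeWire) are unaffected by PrivateNetwork=, since only abstract-namespace AF_UNIX sockets are tied to the network namespace.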