[PATCH 1/2] host/rootfs: remove /proc/kcore bind mounts
Neither of these services run as root any more, so they don't have access to /proc/kcore any more regardless. (Also we don't have /proc/kcore on aarch64 so this previously errored there.) Fixes: 62590b8 ("host/rootfs: Sandbox crosvm") Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 - host/rootfs/image/usr/bin/run-vmm | 1 - 2 files changed, 2 deletions(-) diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index b1f9bac..e063a82 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -40,7 +40,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index 0640239..e30b14c 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -113,7 +113,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b -- 2.51.0
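Review bot: the body leads with the privilege argument (neither service runs as root, so /proc/kcore is unreadable to them anyway) and mentions the actual breakage only in parentheses, yet the Fixes: trailers are there because of that breakage: on the aarch64 kernel /proc/kcore does not exist, so `--ro-bind /dev/null /proc/kcore` onto a freshly mounted /proc errors out. Suggest stating the failure first and the privilege reasoning as the justification for dropping rather than conditionalising the mask. The same fragility applies to the `--ro-bind /dev/null /proc/timer_list`, `/proc/kallsyms` and `/proc/sysrq-trigger` entries that both hunks keep, since each of those files is also conditional on kernel configuration; a short comment above the bwrap block in both run scripts noting that every masked path must exist on every supported kernel would save the next architecture the same surprise.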
This is a legacy interface. I doubt anything in Spectrum depends on it. The previous approach of masking it out with Bubblewrap failed on aarch64, where it was already disabled in the kernel config. Fixes: 62590b8 ("host/rootfs: Sandbox crosvm") Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- This also means the floodgates are now open for any other rootfs kernel changes that anybody wants to propose. host/rootfs/default.nix | 6 +++++- .../vm-services/template/data/service/vhost-user-gpu/run | 2 -- host/rootfs/image/usr/bin/run-vmm | 2 -- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index 66aa366..26757ef 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix @@ -49,7 +49,11 @@ let system.stateVersion = trivial.release; }); - kernel = linux_latest; + kernel = linux_latest.override { + structuredExtraConfig = with lib.kernel; { + SCSI_PROC_FS = no; + }; + }; appvm = callSpectrumPackage ../../img/app { inherit (foot) terminfo; }; netvm = callSpectrumPackage ../../vm/sys/net { inherit (foot) terminfo; }; diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index e063a82..bdd842e 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -31,8 +31,6 @@ bwrap --disable-userns --proc /proc --ro-bind /proc/sys /proc/sys - --tmpfs /proc/scsi - --remount-ro /proc/scsi --tmpfs /proc/acpi --remount-ro /proc/acpi --tmpfs /proc/fs diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index e30b14c..d71f7eb 100755 --- a/host/rootfs/image/usr/bin/run-vmm 
+++ b/host/rootfs/image/usr/bin/run-vmm @@ -104,8 +104,6 @@ bwrap --bind /run /run --proc /proc --ro-bind /proc/sys /proc/sys - --tmpfs /proc/scsi - --remount-ro /proc/scsi --tmpfs /proc/acpi --remount-ro /proc/acpi --tmpfs /proc/fs -- 2.51.0
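Review bot: the host/rootfs/default.nix hunk makes the correctness of the two run scripts depend on this kernel derivation: `SCSI_PROC_FS = no` is what removes /proc/scsi, and the scripts no longer mask it themselves. The commit message says "I doubt anything in Spectrum depends on it"; suggest replacing the doubt with a concrete check (nothing in the rootfs or VM images reads /proc/scsi; the sysfs equivalents under /sys/class/scsi_host and /sys/bus/scsi stay available) and recording that in the message. Worth noting there too that `linux_latest.override { structuredExtraConfig = ... }` changes the kernel derivation, so the host kernel is now built locally instead of fetched from the cache; that is the real cost of the "floodgates" the cover note mentions.

Review bot: in both bwrap hunks the `--tmpfs /proc/scsi` / `--remount-ro /proc/scsi` pair disappears with nothing in the script recording why, so the sandbox now silently relies on the kernel config elsewhere in the tree. Suggest a one-line comment at that point of each script, e.g. `# /proc/scsi is compiled out (SCSI_PROC_FS=n), see host/rootfs/default.nix`, so that a later kernel change does not reintroduce the interface unnoticed.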
On 12/15/25 07:27, Alyssa Ross wrote:
> This is a legacy interface. I doubt anything in Spectrum depends on it. The previous approach of masking it out with Bubblewrap failed on aarch64, where it was already disabled in the kernel config.
>
> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
> This also means the floodgates are now open for any other rootfs kernel changes that anybody wants to propose.
I'll start by disabling non-AF_UNIX, non-AF_NETLINK networking!
> host/rootfs/default.nix | 6 +++++-
> .../vm-services/template/data/service/vhost-user-gpu/run | 2 --
> host/rootfs/image/usr/bin/run-vmm | 2 --
> 3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index 66aa366..26757ef 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix @@ -49,7 +49,11 @@ let system.stateVersion = trivial.release; });
> - kernel = linux_latest; + kernel = linux_latest.override { + structuredExtraConfig = with lib.kernel; { + SCSI_PROC_FS = no; + }; + };
> appvm = callSpectrumPackage ../../img/app { inherit (foot) terminfo; }; netvm = callSpectrumPackage ../../vm/sys/net { inherit (foot) terminfo; }; diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index e063a82..bdd842e 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -31,8 +31,6 @@ bwrap --disable-userns --proc /proc --ro-bind /proc/sys /proc/sys - --tmpfs /proc/scsi - --remount-ro /proc/scsi --tmpfs /proc/acpi --remount-ro /proc/acpi --tmpfs /proc/fs diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index e30b14c..d71f7eb 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -104,8 +104,6 @@ bwrap --bind /run /run --proc /proc --ro-bind /proc/sys /proc/sys - --tmpfs /proc/scsi - --remount-ro /proc/scsi --tmpfs /proc/acpi --remount-ro /proc/acpi --tmpfs /proc/fs
Acked-by: Demi Marie Obenour <demiobenour@gmail.com>
--
Sincerely,
Demi Marie Obenour (she/her/hers)
On 12/15/25 07:27, Alyssa Ross wrote:
> Neither of these services run as root any more, so they don't have access to /proc/kcore any more regardless. (Also we don't have /proc/kcore on aarch64 so this previously errored there.)
>
> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
> .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 -
> host/rootfs/image/usr/bin/run-vmm | 1 -
> 2 files changed, 2 deletions(-)
>
> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index b1f9bac..e063a82 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -40,7 +40,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index 0640239..e30b14c 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -113,7 +113,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger --
>
> base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b
/proc/sysrq-trigger and /proc/timer_list can also be dropped, as they are not accessible to unprivileged users. With or without that change:

Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Demi Marie Obenour <demiobenour@gmail.com> writes:
> On 12/15/25 07:27, Alyssa Ross wrote:
>> Neither of these services run as root any more, so they don't have access to /proc/kcore any more regardless. (Also we don't have /proc/kcore on aarch64 so this previously errored there.)
>>
>> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
>> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>> ---
>> .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 -
>> host/rootfs/image/usr/bin/run-vmm | 1 -
>> 2 files changed, 2 deletions(-)
>>
>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index b1f9bac..e063a82 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -40,7 +40,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index 0640239..e30b14c 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -113,7 +113,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger --
>>
>> base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b
>
> /proc/sysrq-trigger and /proc/timer_list can also be dropped, as they are not accessible to unprivileged users.
And what about the others? I see systemd just makes them all read-only — is that only to protect against root? Do we still need to hide /proc/sys, /proc/scsi, /proc/acpi, /proc/fs, and /proc/irq? The only entry I see that's writable by non-root in any of those on my NixOS system is /proc/sys/kernel/ns_last_pid, which doesn't look very harmful…
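The two practical questions in this exchange, which /proc paths an unprivileged service user could actually write to (so that a mask is still doing work), and which masked paths are simply absent on a given kernel (so that a `--ro-bind` or `--tmpfs` onto them fails, as /proc/kcore and /proc/scsi did on aarch64), can be answered by one audit script. The following is an added example written for this thread; it is not part of the Spectrum patches or of Bubblewrap. The function names `classify`, `writable_entries` and `audit_masks` are this example's own, the mask list is copied from the bwrap invocations quoted above, and "writable by an unprivileged user" is approximated by the other-write permission bit (group write is ignored, an assumption of this example).

```shell
#!/bin/sh
# Added example: audit the /proc paths masked by the run-vmm and
# vhost-user-gpu sandboxes. Not part of the Spectrum patches.
# Each path is reported as one of:
#   missing   the path does not exist on this kernel, so a bwrap
#             --ro-bind / --tmpfs onto it would fail (the aarch64 case)
#   writable  the path, or something below it, has the other-write bit set,
#             so an unprivileged user could write there and a mask still
#             matters (e.g. /proc/sys/kernel/ns_last_pid under /proc/sys)
#   readonly  present, and nothing below it is other-writable
# Assumption: "writable by an unprivileged user" means the other-write bit
# (mode -002); group-writable entries are not counted.

# classify PATH: print missing / writable / readonly for one path.
classify() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]; then
        # The path itself is other-writable.
        echo writable
    elif [ -d "$1" ] && [ -n "$(find "$1" -perm -002 2>/dev/null | head -n 1)" ]; then
        # A read-only directory can still contain writable entries.
        echo writable
    else
        echo readonly
    fi
}

# writable_entries DIR: list every entry below DIR with the other-write bit,
# i.e. what is left for a --remount-ro or --ro-bind mask to protect.
writable_entries() {
    [ -d "$1" ] && find "$1" -perm -002 2>/dev/null | grep -v "^$1\$"
    return 0
}

# audit_masks PATH...: one "<status> <path>" line per argument, in order.
audit_masks() {
    for p in "$@"; do
        printf '%s %s\n' "$(classify "$p")" "$p"
    done
}

# Stand-alone use: audit the mask list from the patched run scripts.
if [ "${0##*/}" = "audit_masks.sh" ]; then
    audit_masks /proc/sys /proc/scsi /proc/acpi /proc/fs /proc/irq \
        /proc/timer_list /proc/kcore /proc/kallsyms /proc/sysrq-trigger
    echo "--- other-writable entries under /proc/sys:"
    writable_entries /proc/sys
fi
```

Saved as `audit_masks.sh` and run as the service user on each supported architecture, the `missing` lines are the bind mounts that need either removing or a kernel-config change like the SCSI_PROC_FS one in this series, and the `writable` lines are the masks that still have something to protect against a non-root process.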
Alyssa Ross <hi@alyssa.is> writes:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
>> On 12/15/25 07:27, Alyssa Ross wrote:
>>> Neither of these services run as root any more, so they don't have access to /proc/kcore any more regardless. (Also we don't have /proc/kcore on aarch64 so this previously errored there.)
>>>
>>> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
>>> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> ---
>>> .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 -
>>> host/rootfs/image/usr/bin/run-vmm | 1 -
>>> 2 files changed, 2 deletions(-)
>>>
>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index b1f9bac..e063a82 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -40,7 +40,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index 0640239..e30b14c 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -113,7 +113,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger --
>>>
>>> base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b
>>
>> /proc/sysrq-trigger and /proc/timer_list can also be dropped, as they are not accessible to unprivileged users.
>
> And what about the others? I see systemd just makes them all read-only — is that only to protect against root? Do we still need to hide /proc/sys, /proc/scsi, /proc/acpi, /proc/fs, and /proc/irq? The only entry I see that's writable by non-root in any of those on my NixOS system is /proc/sys/kernel/ns_last_pid, which doesn't look very harmful…
I'm just going to drop the /proc/scsi bind mount as well for now to fix aarch64, but if you still think it's necessary we can instead do the kernel config change.
Alyssa Ross <hi@alyssa.is> writes:
> Alyssa Ross <hi@alyssa.is> writes:
>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>> On 12/15/25 07:27, Alyssa Ross wrote:
>>>> Neither of these services run as root any more, so they don't have access to /proc/kcore any more regardless. (Also we don't have /proc/kcore on aarch64 so this previously errored there.)
>>>>
>>>> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
>>>> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>> ---
>>>> .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 -
>>>> host/rootfs/image/usr/bin/run-vmm | 1 -
>>>> 2 files changed, 2 deletions(-)
>>>>
>>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index b1f9bac..e063a82 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -40,7 +40,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index 0640239..e30b14c 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -113,7 +113,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger --
>>>>
>>>> base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b
>>>
>>> /proc/sysrq-trigger and /proc/timer_list can also be dropped, as they are not accessible to unprivileged users.
>>
>> And what about the others? I see systemd just makes them all read-only — is that only to protect against root? Do we still need to hide /proc/sys, /proc/scsi, /proc/acpi, /proc/fs, and /proc/irq? The only entry I see that's writable by non-root in any of those on my NixOS system is /proc/sys/kernel/ns_last_pid, which doesn't look very harmful…
>
> I'm just going to drop the /proc/scsi bind mount as well for now to fix aarch64, but if you still think it's necessary we can instead do the kernel config change.
(and same with /proc/acpi, now done)
On 12/16/25 04:55, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
>> On 12/15/25 07:27, Alyssa Ross wrote:
>>> Neither of these services run as root any more, so they don't have access to /proc/kcore any more regardless. (Also we don't have /proc/kcore on aarch64 so this previously errored there.)
>>>
>>> Fixes: 62590b8 ("host/rootfs: Sandbox crosvm")
>>> Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor")
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> ---
>>> .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 -
>>> host/rootfs/image/usr/bin/run-vmm | 1 -
>>> 2 files changed, 2 deletions(-)
>>>
>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run index b1f9bac..e063a82 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run @@ -40,7 +40,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger -- diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm index 0640239..e30b14c 100755 --- a/host/rootfs/image/usr/bin/run-vmm +++ b/host/rootfs/image/usr/bin/run-vmm @@ -113,7 +113,6 @@ bwrap --tmpfs /proc/irq --remount-ro /proc/irq --ro-bind /dev/null /proc/timer_list - --ro-bind /dev/null /proc/kcore --ro-bind /dev/null /proc/kallsyms --ro-bind /dev/null /proc/sysrq-trigger --
>>>
>>> base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b
>>
>> /proc/sysrq-trigger and /proc/timer_list can also be dropped, as they are not accessible to unprivileged users.
>
> And what about the others? I see systemd just makes them all read-only — is that only to protect against root? Do we still need to hide /proc/sys, /proc/scsi, /proc/acpi, /proc/fs, and /proc/irq? The only entry I see that's writable by non-root in any of those on my NixOS system is /proc/sys/kernel/ns_last_pid, which doesn't look very harmful…
I think it is indeed to protect against root. In particular, some container runtimes try to maintain a security boundary even when user namespaces are not in use. /proc/sys/kernel/ns_last_pid is indeed harmless.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
This patch has been committed as 8dfd042c2cf64f53cfd39a24697a20e585ad1b6c, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=8dfd042c2cf64f53cfd39a24697a.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>