Last week I played a bit with crosvm, a KVM monitor used within Chromium OS for application isolation. My goal is to learn more about the current limits of virtualization for isolating applications in mainline. Two of crosvm's defining characteristics is that it's written in Rust for increased security, and that uses namespaces extensively to reduce the attack surface of the monitor itself.

It was quite easy to get it running outside Chromium OS (have been testing with Fedora 26), with the only complication being that minijail isn't widely packaged in distros. In the instructions below we hack around the issue with linker environment variables so we don't have to install it properly. Instructions are in form of shell commands for illustrative purposes only.

Build kernel:

    $ cd ~/src
    $ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
    $ cd linux
    $ git checkout v4.12
    $ make x86_64_defconfig
    $ make bzImage
    $ cd .. 

Build minijail:

    $ git clone https://android.googlesource.com/platform/external/minijail
    $ cd minijail
    $ make
    $ cd .. 

Build crosvm:

    $ git clone https://chromium.googlesource.com/a/chromiumos/platform/crosvm
    $ cd crosvm
    $ LIBRARY_PATH=~/src/minijail cargo build 

Generate rootfs:

    $ cd ~/src/crosvm
    $ dd if=/dev/zero of=rootfs.ext4 bs=1K count=1M
    $ mkfs.ext4 rootfs.ext4
    $ mkdir rootfs/
    $ sudo mount rootfs.ext4 rootfs/
    $ debootstrap testing rootfs/
    $ sudo umount rootfs/

Run crosvm:

    $ LD_LIBRARY_PATH=~/src/minijail ./target/debug/crosvm run -r rootfs.ext4 --seccomp-policy-dir=./seccomp/x86_64/ ~/src/linux/arch/x86/boot/compressed/vmlinux.bin

The work ahead includes figuring out the best way for Wayland clients in the guest interact with the compositor in the host, and also for guests to make efficient use of the GPU.

Original post