While QEMU is still the leading choice for an open source VMM (Virtual Machine Manager), a rust alternative could be great for security and we wanted to give it a shot. We are now able to virtualize GUI apps and OS in linux by modifying crosvm, a fantastic rust based open-source VMM, and wanted to share how we did it.

Disclaimer: This is a work in progress and only meant to be a proof of concept. So please bear in mind that it is buggy in more than a few places and endless optimizations away from being performant and lightweight. It is very unlikely to break your system, as the demo is entirely containerized, but it is possible.

If you want to run the demo, ensure you have docker and git installed.

1. Clone the repository: $ git clone & cd demo-openvmm-1

2. If you want audio in the demo, modify the pulseaudio server config on the host to accept TCP connections from the VM and restart it using `systemctl restart pulseaudio`:

    # /etc/pulse/default.pa (Authenticate IP of your docker0 interface over TCP)
    load-module module-native-protocol-tcp auth-ip-acl=172.17.0.1/24

Note that this ACL exempts the whole docker0 /24 from cookie authentication, so any container on that bridge, not only the demo VM, can then play and record audio through the host pulseaudio server.

Before going into the details of how everything works in this PoC, let's look at an example of how to start a VM in crosvm:

    # Example for running crosvm
    # -c 8 -m 4096: vCPU count and memory (MiB)
    # --display-window-keyboard: keyboard input
    # --shared-dir: shared folder (virtiofs)
    # bzImage: kernel
    crosvm run -c 8 -m 4096 \
      --display-window-keyboard \
      --shared-dir shared:shared:type=fs \
      bzImage

It looks fairly straightforward, but getting it to work under linux wasn't. This is so because crosvm was built initially for use in chromium os. But thanks to the spectrum os mailing list, crosvm's documentation and past experience from making this PoC using QEMU, we were able to get it to work. We start crosvm programmatically by importing it as a module in our rust wrapper (open-vmm). We also built a guest agent in rust that communicates over vsock to support window resizing and clipboard support.

Now let's look at how we got the individual components working under linux.

We used the virtio-gpu device on the host with a virtual display to get display output from the VM. Running crosvm with the "--gpu" flag opens an X window which displays the GPU buffer shared with the VM. Apps run in an ubuntu VM running i3wm under Xorg, with the configuration tweaked to run borderless for now. OS VMs can run any Wayland/Xorg DE just like in QEMU. We went with this approach as it meant the least attack surface and will work with mediated GPU pass-through using something like libVF.IO for our application and OS VMs. This will in future allow for near native GPU performance for apps (and games) using hardware assisted virtualization. The guest agent resizes the application in the VM on resizing the host window. This doesn't work with OS virtualization yet.

Other approaches we considered for display output:

a. GUI virtualization was already possible using virtio-wl. But it needs the guest to use the chromium os kernel or virtio-gpu with wayland context, which hasn't been merged into the kernel yet. Plus there is a subjective security concern towards exposing the wayland server to the untrusted VM. Wayland is designed with security in mind, but using virtio-wl/virtio-gpu with wl context still extends the attack surface to the wayland server and GPU DRM drivers.

b. Using firecracker/cloud hypervisor with a nested X server. These VMMs are derived/forked from crosvm and are built to run on linux without any tweaks and were very tempting to use, but they lack virtio-gpu support and the only way to run GUI apps was to run a nested X server like x11docker. This approach provided a lot of inspiration for the end outcome, but didn't fit into the isolation requirements we had.

Clipboard is sent to the guest only when needed. When the user presses ctrl+v and the app window is focused, the host sends the clipboard content from the host to the guest agent and the agent simulates the same key combination on the guest. Similarly for ctrl+c, the host requests the clipboard from the guest and the content is copied to the host's clipboard. This can be extended to support images, files, etc.

Sound is sent from the guest over a TCP socket to pulseaudio on the host. The simplest way to do this is to set the PULSE_SERVER environment variable inside the VM to connect to the host pulseaudio server. This isn't the ideal way to do this at all, but this is just a workaround for the demo till emulated audio (ac97) works on a linux host (Issue).

Keyboard and mouse input is supported by crosvm natively using --display-window-keyboard and --display-window-mouse. But we couldn't get the mouse to work due to some bug.
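The clipboard and resize messages exchanged between the host and the guest agent over vsock, as an added example (not code from open-vmm or its guest agent): a framed protocol whose message tags, 5-byte header and MAX_PAYLOAD limit are assumptions. Because the agent runs inside the untrusted VM, the host side bounds every frame length before allocating and validates clipboard text as UTF-8 before it can reach the host clipboard.

```rust
use std::io::{self, Read, Write};
/// Upper bound on a payload accepted from the guest (assumed limit): the guest is
/// untrusted, so the host never allocates from an unchecked guest-supplied length.
pub const MAX_PAYLOAD: u32 = 1 << 20;
#[derive(Debug, PartialEq)]
pub enum Msg {
    ClipboardSet(String),               // host -> agent on ctrl+v: text to paste
    ClipboardRequest,                   // host -> agent on ctrl+c: ask for clipboard
    ClipboardData(String),              // agent -> host: the guest clipboard
    Resize { width: u32, height: u32 }, // host -> agent when the host window resizes
}
/// Frame layout (assumed): 1-byte tag, 4-byte big-endian payload length, payload.
pub fn encode(msg: &Msg, out: &mut impl Write) -> io::Result<()> {
    let (tag, payload): (u8, Vec<u8>) = match msg {
        Msg::ClipboardSet(s) => (1, s.as_bytes().to_vec()),
        Msg::ClipboardRequest => (2, Vec::new()),
        Msg::ClipboardData(s) => (3, s.as_bytes().to_vec()),
        Msg::Resize { width, height } => {
            let mut p = width.to_be_bytes().to_vec();
            p.extend_from_slice(&height.to_be_bytes());
            (4, p)
        }
    };
    out.write_all(&[tag])?;
    out.write_all(&(payload.len() as u32).to_be_bytes())?;
    out.write_all(&payload)
}
/// Parse one frame, rejecting oversized, malformed or unknown messages.
pub fn decode(input: &mut impl Read) -> io::Result<Msg> {
    let bad = |what: &str| io::Error::new(io::ErrorKind::InvalidData, what.to_string());
    let mut hdr = [0u8; 5];
    input.read_exact(&mut hdr)?;
    let len = u32::from_be_bytes([hdr[1], hdr[2], hdr[3], hdr[4]]);
    if len > MAX_PAYLOAD {
        return Err(bad("payload exceeds MAX_PAYLOAD"));
    }
    let mut p = vec![0u8; len as usize]; // safe: bounded by the check above
    input.read_exact(&mut p)?;
    let text = |p: Vec<u8>| String::from_utf8(p).map_err(|_| bad("clipboard is not UTF-8"));
    match (hdr[0], len) {
        (1, _) => Ok(Msg::ClipboardSet(text(p)?)),
        (2, 0) => Ok(Msg::ClipboardRequest),
        (3, _) => Ok(Msg::ClipboardData(text(p)?)),
        (4, 8) => Ok(Msg::Resize {
            width: u32::from_be_bytes([p[0], p[1], p[2], p[3]]),
            height: u32::from_be_bytes([p[4], p[5], p[6], p[7]]),
        }),
        _ => Err(bad("unknown tag or wrong length for tag")),
    }
}
```

Both functions take any `Read`/`Write`, so the same code wraps the vsock stream on each side and a `&[u8]` for testing.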