mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-01-12 16:45:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
No description
17 commits 607 branches 2 tags 230 MiB
Rust 95.6%
Python 1.9%
C 1.7%
Shell 0.5%
Find a file
Dylan Reid d6c579fcef io_jail: Add a wrapper around minijail 
The io_jail is used to jail io processes run from crosvm. Under the hood
it mostly configures a minijail jail to run in.  The minijail
restrictions are applied when iojail::enter is called.  This closes
extra FDs and calls minijail_enter.

The minijail_run* functions are left out as we don't have a need to exec
foreign programs.  libminijail will be used to jail separate processes
spawned from the main crosvm process.

The ability to close all open file descriptors is added.  Minijail only
closes FDs after forking and before exec.

Change-Id: Ida7f52022c934e9e6edeb7b604cd6e6399860cb9
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/505100
Reviewed-by: Zach Reizner <zachr@chromium.org>
2017-05-25 12:25:27 -07:00
io_jail io_jail: Add a wrapper around minijail 2017-05-25 12:25:27 -07:00
kernel_loader kernel_loader: Add loading of 64 bit elf x86 vmlinux 2017-05-17 19:06:31 -07:00
kvm kvm: Add reg setting to kvm 2017-05-11 22:27:38 -07:00
kvm_sys kvm-sys: rename to kvm_sys 2017-05-02 05:20:27 -07:00
sys_util sys_util: Add struct utils 2017-05-10 20:58:06 -07:00
x86_64 x86_64: Add x86_64 setup code 2017-05-12 20:58:07 -07:00
.gitignore Add editor temp files to .gitignore 2017-05-02 05:20:26 -07:00
LICENSE add LICENSE and README 2017-04-17 14:06:21 -07:00
README.md add LICENSE and README 2017-04-17 14:06:21 -07:00

README.md

Chrome OS KVM

This component, known as crosvm, runs untrusted operating systems along with virtualized devices. No actual hardware is emulated. This only runs VMs through the Linux's KVM interface. What makes crosvm unique is a focus on safety within the programming language and a sandbox around the virtual devices to protect the kernel from attack in case of an exploit in the devices.

Overview

The crosvm source code is organized into crates, each with their own unit tests. These crates are:

  • kvm-sys low-level (mostly) auto-generated structures and constants for using KVM
  • kvm unsafe, low-level wrapper code for using kvm-sys
  • crosvm the top-level binary front-end for using crosvm

Usage

Currently there is no front-end, so the best you can do is run cargo test in each crate.