android_packages_modules_Virtualization

Commit Graph

Author	SHA1	Message	Date
David Brazdil	4b4c510ffb	Start using virtmgr for running VMs Make the final changes to start running VMs using virtmgr: * Have virtualizationservice host the VirtualizationServiceInternal AIDL service. * Remove memlock rlimit of virtmgr (instead of virtualizationservice) via a method on VirtualizationServiceInternal. * Have VirtualizationServiceInternal create the VM's temporary folder and change its owner to the client's UID. The files keep the same virtualizationservice_data_file SELinux label, but are now owned by the client's virtmgr instance. To this end, virtualizationservice requires CAP_CHOWN. * Switch all users to the new vmclient/javalib API for spawning virtmgr. Bug: 245727626 Test: atest -p packages/modules/Virtualization:avf-presubmit Change-Id: I93b2cadb67a8c125e1a86f9c1ba9cb98336f0cd4	2023-01-05 10:31:00 +00:00
David Brazdil	533e34376b	Remove CAP_IPC_LOCK from crosvm, use CAP_SYS_RESOURCE on VS Crosvm currently has a capability that allows it to mlock() unlimited amounts of RAM, necessary for running protected VMs. This mechanims is not compatible with switching to crosvm as a child process, so replace it with setrlimit from virtualizationservice. The limit is set to RLIM_INFINITY to preserve the original property. Bug: 204298056 Bug: 245727626 Test: atest MicrodroidTestApp Change-Id: Iec393f5c0548f7eac1ba162214b57350d8328637	2022-11-10 16:37:24 +00:00
Andrew Walbran	88b3468472	Grant crosvm CAP_IPC_LOCK via filesystem config. Bug: 204298056 Test: Ran test VM, checked /proc/$PID/status of crosvm for CapEff. Change-Id: I5fd105ac9f4a0bf50b16bfe5e68698245c0f8885	2021-12-22 13:20:23 +00:00

Author

SHA1

Message

Date

David Brazdil

4b4c510ffb

Start using virtmgr for running VMs

Make the final changes to start running VMs using virtmgr:

  * Have virtualizationservice host the VirtualizationServiceInternal
    AIDL service.

  * Remove memlock rlimit of virtmgr (instead of virtualizationservice)
    via a method on VirtualizationServiceInternal.

  * Have VirtualizationServiceInternal create the VM's temporary folder
    and change its owner to the client's UID. The files keep the same
    virtualizationservice_data_file SELinux label, but are now owned by
    the client's virtmgr instance. To this end, virtualizationservice
    requires CAP_CHOWN.

  * Switch all users to the new vmclient/javalib API for spawning
    virtmgr.

Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I93b2cadb67a8c125e1a86f9c1ba9cb98336f0cd4

2023-01-05 10:31:00 +00:00

David Brazdil

533e34376b

Remove CAP_IPC_LOCK from crosvm, use CAP_SYS_RESOURCE on VS

Crosvm currently has a capability that allows it to mlock() unlimited
amounts of RAM, necessary for running protected VMs. This mechanims is
not compatible with switching to crosvm as a child process, so replace
it with setrlimit from virtualizationservice. The limit is set to
RLIM_INFINITY to preserve the original property.

Bug: 204298056
Bug: 245727626
Test: atest MicrodroidTestApp
Change-Id: Iec393f5c0548f7eac1ba162214b57350d8328637

2022-11-10 16:37:24 +00:00

Andrew Walbran

88b3468472

Grant crosvm CAP_IPC_LOCK via filesystem config.

Bug: 204298056
Test: Ran test VM, checked /proc/$PID/status of crosvm for CapEff.
Change-Id: I5fd105ac9f4a0bf50b16bfe5e68698245c0f8885

2021-12-22 13:20:23 +00:00

3 Commits