Create sandbox for host file system access #783

n0toose · 2024-11-05T19:42:15Z

Add UhyveFileMap structure that maps guest and host paths, unit tests
Add integration tests and unit tests
Sandbox uhyvelib::hypercall::open and uhyvelib::hypercall:unlink

codecov · 2024-11-05T19:45:35Z

Codecov Report

Attention: Patch coverage is 89.38356% with 31 lines in your changes missing coverage. Please review.

Project coverage is 71.51%. Comparing base (cac2c34) to head (75fba18).
Report is 13 commits behind head on main.

Files with missing lines	Patch %	Lines
src/hypercall.rs	66.66%	17 Missing ⚠️
src/linux/x86_64/kvm_cpu.rs	54.54%	5 Missing ⚠️
src/vm.rs	44.44%	5 Missing ⚠️
src/bin/uhyve.rs	0.00%	3 Missing ⚠️
src/isolation.rs	99.53%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #783      +/-   ##
==========================================
+ Coverage   68.99%   71.51%   +2.52%     
==========================================
  Files          20       21       +1     
  Lines        2761     3037     +276     
==========================================
+ Hits         1905     2172     +267     
- Misses        856      865       +9

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

src/vm.rs

src/hypercall.rs

src/isolation.rs

src/params.rs

src/vm.rs

src/isolation.rs

src/bin/uhyve.rs

src/isolation.rs

uhyve-interface/src/parameters.rs

* Add --mount parameter for "whitelisting" guest_paths and defining their respective filesystem paths on the host FS * Add UhyveFileMap structure * Add sandbox support to open() syscall A few points that could be further worked are unit tests, handling more of the parsing using the clap library directly and performance optimizations. Helped-by: Çağatay Yiğit Şahin <[email protected]> Helped-by: Jonathan Klimt <[email protected]> Co-authored-by: Jonathan Klimt <[email protected]>

Introduces a test for UhyveFileMap and adjusts existing tests accordingly.

- Rename file_map to mount - Temporarily remove short parameter - Temporarily remove environment variable - Don't split file_map params with commas - Change documentation, remove references to file_map variable - Minor improvements to tests

This commit modifies existing tests to support this new feature. An additional measure of modifying sysopen.flags was also introduced. Co-authored-by: Jonathan Klimt <[email protected]>

Also removes the "Introduction" header, as the header takes more space than the text itself now. Originally introduced in e7869a9.

Co-authored-by: Jonathan Klimt <[email protected]>

... as it was deemed unnecessary and redundant. The tests were also modified accordingly.

Depending on the error, we return EINVAL (like in the kernel itself) when O_DIRECTORY is used together with O_CREAT, EIO when the kernel requests to open a file that does not have a UTF-8 filename, and -ENOENT when the file is not present in the file map. The sysopen flags were moved to uhyve-interface for now.

new_file_test now runs a kernel called open_close_file, which attempts to open foo.txt, write to it, then closes the file, and attempts to open it again so as to read from it. This is more of a workaround because of the fact that we cannot read the temporary file easily, but it should work just as well and expand the test's coverage to "reading the contents of a file that is a temporary file on the host filesystem".

If the guest path is part of a directory that is not mapped, we'll recursively look for the parent directories and check if the parent directories are mapped. If that's the case, we'll use the file in the mapped host directory instead. This feature also comes with a unit test. We partially rely on PathBuf to prevent any funny behavior from taking place. A current flaw of this approach is that the filename that can be found in the OpenParams struct is "relative" instead of absolute, and providing paths that are otherwise whitelisted (e.g. "/root/file.txt" instead of "file.txt") will result in the map not return a result.

Tests and documentation was also amended accordingly.

jounathaen · 2024-11-28T17:10:30Z

Thank you for this big contribution! 👍

This comment was marked as outdated.

Sign in to view

n0toose force-pushed the sandbox-uhyvefilemap branch from a8ff49a to 38e7e46 Compare November 5, 2024 19:52

n0toose commented Nov 5, 2024

View reviewed changes

src/vm.rs Outdated Show resolved Hide resolved

n0toose changed the title ~~feat(sandbox): Add UhyveFileMap structure and sandbox~~ Create sandbox for host file system access Nov 5, 2024