Description

I'm hoping to use `libkrun` to build a simple sandboxing tool. I'm aware of the (awesome) virtio-fs mechanism for using a root fs on the host. My concern with that is that code within the guest could exhaust the disk space or inodes of the host, causing a denial-of-service. To mitigate that:

- I could look for platform-specific solutions to make that portion of the host filesystem `ro`; or
- I could remount `/` as `ro` from within the guest as part of bootstrapping.

I don't think either of these is ideal, since the first is not portable and the second relies on the guest to do the right thing.

I was hoping to leverage `krun_add_disk` as a way to bring a disk image as the root filesystem. This way I could use something like EROFS, which is natively read-only and is supported by the kernel.

Can the team offer some guidance on how we might go about supporting root filesystems from images like `.erofs` and/or ways of making the root filesystem read-only? I think doing disk usage quotas seems totally unrealistic, so read-only is where my mind is going to target this higher level of resource isolation.