linuxkit/contrib/crosvm

The Chrome OS Virtual Machine Monitor crosvm is a lightweight VMM written in Rust. It runs on top of KVM and optionally runs the device models in separate processes isolated with seccomp profiles.

Build/Install

The Makefile and Dockerfile compile crosvm and a suitable version of libminijail. To build:

make

You should end up with a crosvm and libminijail.so binaries as well as the seccomp profiles in ./build. Copy libminijail.so to /usr/lib or wherever ldd picks it up. You may also need libcap (on Ubuntu or Debian apt-get install -y libcap-dev).

You may also have to create an empty directory /var/empty.

Use with LinuxKit images

You can build a LinuxKit image suitable for crosvm with the kernel+squashfs build format. For example, using minimal.yml from the ./examples directory, run (but also see the known issues):

linuxkit build -format kernel+squashfs -decompress-kernel minimal.yml

The -vmlinux switch is needed since crosvm does not grok compressed linux kernel images.

Then you can run crosvm:

crosvm run --disable-sandbox \
    --root ./minimal-squashfs.img \
    --mem 2048 \
    --socket ./linuxkit-socket \
    minimal-kernel

Known issues

• With 4.14.x, a BUG_ON() is hit in drivers/base/driver.c. 4.9.x kernels seem to work.
• With the latest version, I don't seem to get a interactive console.
• Networking does not yet work, so don't include a onboot dhcpd service.
• poweroff from the command line does not work (crosvm does not seem to support ACPI). So to stop a VM you can use the control socket and: ./crosvm stop ./linuxkit-socket
• crosvm and its dependencies compile on arm64 but crosvm seems to lack support for setting op the IRQ chip on the system I tested. I got: failed to create in-kernel IRQ chip: CreateGICFailure(Error(19)).