Allow sandboxed containers to use KVM

[DemiMarie]

Description

Some workloads that one wants to sandbox themselves create virtual machines using KVM. Ideally, gVisor would support this.

Is this feature related to a specific bug?

No.

Do you have a specific solution in mind?

gVisor could expose a mediated /dev/kvm into the container, with strict validation to ensure that /dev/kvm is only used in valid ways.

[EtiennePerot]

strict validation to ensure that /dev/kvm is only used in valid ways

Can you describe what that would look like? Are you thinking of something like nvproxy where gVisor is aware of the ABI and forwards it to the host?

Might be difficult to implement securely with gVisor's KVM platform, where interaction with the host kernel's KVM device may expose more of the host kernel syscall surface than one may be comfortable with, given the strong dependence on the security and integrity of KVM when relying on it as a platform.

[DemiMarie]

strict validation to ensure that /dev/kvm is only used in valid ways

Can you describe what that would look like? Are you thinking of something like nvproxy where gVisor is aware of the ABI and forwards it to the host?

For the non-KVM platforms, yes. For the KVM platform, either this or nested virt could be used.

Might be difficult to implement securely with gVisor's KVM platform, where interaction with the host kernel's KVM device may expose more of the host kernel syscall surface than one may be comfortable with, given the strong dependence on the security and integrity of KVM when relying on it as a platform.

I don't think whether KVM is used by gVisor itself matters here.