
Allow sandboxed containers to use KVM

Open DemiMarie opened this issue 5 months ago • 2 comments

Description

Some workloads that one wants to sandbox themselves create virtual machines using KVM. Ideally, gVisor would support this.

Is this feature related to a specific bug?

No.

Do you have a specific solution in mind?

gVisor could expose a mediated /dev/kvm into the container, with strict validation to ensure that /dev/kvm is only used in valid ways.

DemiMarie, Jul 23 '25 03:07

> strict validation to ensure that /dev/kvm is only used in valid ways

Can you describe what that would look like? Are you thinking of something like nvproxy where gVisor is aware of the ABI and forwards it to the host?

Might be difficult to implement securely with gVisor's KVM platform, where interaction with the host kernel's KVM device may expose more of the host kernel syscall surface than one may be comfortable with, given the strong dependence on the security and integrity of KVM when relying on it as a platform.

EtiennePerot, Jul 24 '25 00:07

> strict validation to ensure that /dev/kvm is only used in valid ways
>
> Can you describe what that would look like? Are you thinking of something like nvproxy where gVisor is aware of the ABI and forwards it to the host?

For the non-KVM platforms, yes. For the KVM platform, either this or nested virt could be used.

> Might be difficult to implement securely with gVisor's KVM platform, where interaction with the host kernel's KVM device may expose more of the host kernel syscall surface than one may be comfortable with, given the strong dependence on the security and integrity of KVM when relying on it as a platform.

I don't think whether KVM is used by gVisor itself matters here.

DemiMarie, Jul 24 '25 17:07