Adam Smith
2015-Mar-07 03:38 UTC
[libvirt-users] Unable to start sandbox: Kernel module dir /lib/modules/3.18.5-x86_64-linode52/kernel does not exist
Dear all,

I have been trying to set up Libvirt Sandbox without success.

I want to use virt-sandbox in order to run untrusted programs in a secure environment. I had no knowledge about virtualization until a couple of days ago, so I am probably doing something wrong.

The scenario is the following:
Linode instance. OS that I have tried: Ubuntu 14.04, Ubuntu 14, Fedora 21. Both compiling from source and installing the pre-compiled packages. But I always reach the same error:

"""
$ virt-sandbox -c qemu:///session /bin/date
Unable to start sandbox: Kernel module dir /lib/modules/3.18.5-x86_64-linode52/kernel does not exist
"""

I have been told by the guys of Linode that:

"The kernels we use are completely compiled and do not utilize modules. In addition, the kernels are loaded from the host rather than the /boot directory"

Any hints to solve this issue? Is the only solution to compile my own kernel?

Also, if I decide to use a service like Linode, AWS, Digital Ocean... then the server that I would be using would be already a virtual server. Is it a problem to run virt-sandbox within a server which is already a virtual server?

Thanks a lot!
Daniel P. Berrange
2015-Mar-09 09:57 UTC
Re: [libvirt-users] Unable to start sandbox: Kernel module dir /lib/modules/3.18.5-x86_64-linode52/kernel does not exist
On Fri, Mar 06, 2015 at 10:38:16PM -0500, Adam Smith wrote:
> Dear all,
>
> I have been trying to set up Libvirt Sandbox without success.
>
> I want to use virt-sandbox in order to run untrusted programs in a secure
> environment. I had no knowledge about virtualization until a couple of
> days ago, so I am probably doing something wrong.
>
> The scenario is the following:
> Linode instance. OS that I have tried: Ubuntu 14.04, Ubuntu 14, Fedora 21.
> Both compiling from source and installing the pre-compiled packages. But I
> always reach the same error:
>
> """
>
> $ virt-sandbox -c qemu:///session /bin/date
>
> Unable to start sandbox: Kernel module dir
> /lib/modules/3.18.5-x86_64-linode52/kernel does not exist
>
> """
>
> I have been told by the guys of Linode that:
>
> "The kernels we use are completely compiled and do not utilize modules. In
> addition, the kernels are loaded from the host rather than the /boot
> directory"
>
> Any hints to solve this issue? Is the only solution to compile my own
> kernel?

No need to compile a kernel - you should still be able to install the regular kernel DPKG from Ubuntu repositories. Then you just have to tell libvirt-sandbox to use that - see the '--kernver', '--kernpath' and '--kmodpath' command line arguments described in the virt-sandbox manpage.

> Also, if I decide to use a service like Linode, AWS, Digital Ocean... then
> the server that I would be using would be already a virtual server. Is it a
> problem to run virt-sandbox within a server which is already a virtual
> server?

I'm assuming that Linode do /not/ enable use of nested KVM, so either you will have to use plain QEMU which will be slower, or you will have to use LXC which will be fast but not secure against determined malicious code.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
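
The checks implied by the reply above, as an added example that is not part of the original thread: the script finds an installed distro kernel that has a module tree, reports whether KVM is usable, and prints the matching virt-sandbox command. Assumptions: modules live under `/lib/modules/<version>/kernel` (the path in the error message), the packaged image is `/boot/vmlinuz-<version>`, `--kmodpath` takes the modules root, and the flags accept `--flag=value`; confirm the value forms in the virt-sandbox manpage.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout:
#   <modroot>/<version>/kernel   module tree (the path in the error message)
#   <bootdir>/vmlinuz-<version>  kernel image from the distro package

# List kernel versions that have both a module tree and a kernel image.
usable_kernels() {
    modroot=$1; bootdir=$2
    for dir in "$modroot"/*/; do
        [ -d "${dir}kernel" ] || continue          # e.g. the Linode kernel: no modules
        ver=$(basename "$dir")
        [ -f "$bootdir/vmlinuz-$ver" ] || continue # image missing: not bootable
        printf '%s\n' "$ver"
    done
}

# Newest usable version; prints nothing if none (sort -V needs GNU coreutils).
pick_kernel() {
    usable_kernels "$1" "$2" | sort -V | tail -n 1
}

# "kvm" if the KVM device is usable by this user, else "plain-qemu" (slower).
accel_mode() {
    kvmdev=${1:-/dev/kvm}
    if [ -c "$kvmdev" ] && [ -r "$kvmdev" ] && [ -w "$kvmdev" ]; then
        echo kvm
    else
        echo plain-qemu
    fi
}

# Print (do not run) the virt-sandbox command for the chosen kernel.
sandbox_cmd() {
    modroot=$1; bootdir=$2; ver=$3; shift 3
    printf 'virt-sandbox -c qemu:///session --kernver=%s --kernpath=%s --kmodpath=%s %s\n' \
        "$ver" "$bootdir/vmlinuz-$ver" "$modroot" "$*"
}

main() {
    ver=$(pick_kernel /lib/modules /boot)
    if [ -z "$ver" ]; then
        echo "no installed kernel with a module tree; install the distro kernel package" >&2
        return 1
    fi
    echo "running kernel: $(uname -r); sandbox kernel: $ver; mode: $(accel_mode)" >&2
    sandbox_cmd /lib/modules /boot "$ver" "$@"
}

# Usage: sh pick-sandbox-kernel.sh /bin/date
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A `plain-qemu` result means the sandbox still runs under full emulation, only slower; it is the LXC fallback, not emulated QEMU, that gives up isolation against determined malicious code.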