Spidermonkey under pure kvm

[xmi...@gmail.com]

Hi Gentlemen,
I write a web server in c and I have to include server side c and javascript programming possibility. Due to security reason they must run under absolute control, so I would like apply spidermonkey under kvm directly. Every logins run in separated kvm and the c and javascrip are separated from each other, too. I have an interface system for kvm c processes.
Is there any implementation or sample for spidermonkey?
Or it have to develop as new a project?
In this case can I get the list of required interfaces of spidermonkey to system?
Or any advice?
Thanks, Miki.

[Jason Orendorff]

Hi, Miki. This sounds like a new project to me.

To see the system interfaces SM uses, a dumb trick you can do is search the
codebase for XP_WIN, which is usually present in places where we have
system-specific #ifdefs:
https://searchfox.org/mozilla-central/search?q=XP_WIN&path=js%2Fsrc
https://searchfox.org/mozilla-central/search?q=XP_WIN&path=mfbt

It's not that bad. Still, naively, I would consider designing this
differently, to avoid having to implement an operating system. Suppose you
use a stripped-down Linux as your OS, or use containers instead of KVM.
Then all of the above #ifdefs and mmap calls will Just Work.

And, you'll still have plenty of work to do, assuming your sandboxed JS VMs
need to communicate with the more-privileged host process. We have that
need inside Firefox, where untrusted, sandboxed web site processes need to
send messages, sometimes containing arbitrary JS data, to a parent process
that has access to all the user data. We use StructuredClone.h <
https://searchfox.org/mozilla-central/source/js/public/StructuredClone.h>
for serialization, and the code in dom/ipc for comm <
https://searchfox.org/mozilla-central/source/dom/ipc>; you can implement
something simpler, but it is nontrivial.

-j