feat(sec-257): vsock support + pool commands #5
Draft
jasonhernandez wants to merge 2 commits into
Add vsock device support across both Firecracker (Linux) and AVF (macOS) backends, enabling structured host↔guest communication over a Unix domain socket instead of SSH polling.

CLI: `ember vm create myvm --image base --vsock`
YAML config: `vsock: true`
UDS created at: `<state_dir>/vms/<name>/vsock.sock`

Linux (Firecracker):
- New `PUT /vsock` API call with guest CID and UDS path
- Firecracker natively creates the UDS and bridges to guest AF_VSOCK

macOS (AVF):
- VZVirtioSocketDeviceConfiguration added to VM config
- ember-vz implements a UDS bridge: accepts host connections on the UDS and proxies them to guest vsock port 1024, and accepts guest-initiated connections on port 1024 and bridges them back to the UDS

Both platforms expose the same UDS interface — Thermite's code path is identical regardless of the underlying hypervisor.

Co-Authored-By: Claude <noreply@anthropic.com>
    ember vm stop --all            # stop all running VMs
    ember vm stop --all --force    # SIGKILL all running VMs
    ember vm delete --all --force  # stop + delete every VM

Useful for cleanup and for ending all VMs (including non-pool control agent VMs that pool destroy doesn't touch).

Co-Authored-By: Claude <noreply@anthropic.com>
f0329c3 to 34ed990
Summary
Two features for Thermite's Ember integration (SEC-257):
1. vsock: virtio-vsock for host-guest communication
- `--vsock` flag on `ember vm create` / `ember vm fork` and `vsock: true` YAML config
- `PUT /vsock` API — UDS at `<state_dir>/vms/<name>/vsock.sock`
- `VZVirtioSocketDeviceConfiguration` + ember-vz bidirectional UDS↔vsock bridge

2. vm: --all flag for stop and delete
- `ember vm stop --all` and `ember vm delete --all` for bulk cleanup
- `name` becomes optional when `--all` is used

Files changed
- `crates/ember-core/src/state/vm.rs`: `VsockInfo` struct, field on `VmMetadata`
- `crates/ember-core/src/config/vm.rs`: `vsock: Option<bool>` in YAML config
- `crates/ember-linux/src/firecracker/api.rs`: `Vsock` type + `put_vsock()`
- `crates/ember-linux/src/firecracker/config.rs`
- `crates/ember-linux/src/vm.rs`
- `crates/ember-macos/src/vm.rs`: `--vsock-path` to ember-vz
- `ember-vz/Sources/EmberVZ/Start.swift`
- `src/cli/vm.rs`: `--vsock` flag, vsock in inspect, `--all` for stop/delete

Rebased onto main after the ember-core/ember-linux/ember-macos workspace restructuring.

Test plan
- `cargo build` clean on macOS
- `cargo clippy --workspace` clean
- `cargo fmt -- --check` clean
- `ember vm create test --image base --vsock` creates vsock.sock
- `ember vm stop --all` stops all running VMs

Refs: Thermite SEC-257, blocks SEC-254
🤖 Generated with Claude Code
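
A check an operator could run against the UDS this PR creates at `<state_dir>/vms/<name>/vsock.sock`, given that any process able to connect to it gets a channel into the guest. This is an added example, not code from this PR or from Ember; the function name, the `expected_uid` parameter and the owner-only policy (socket 0600, directory not group/other writable) are assumptions.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{FileTypeExt, MetadataExt, PermissionsExt};
use std::path::Path;

/// Audits one vsock UDS path. An empty result means every check passed.
/// `expected_uid` is the user the VM is supposed to run as (assumed policy).
pub fn audit_vsock_socket(sock: &Path, expected_uid: u32) -> io::Result<Vec<String>> {
    let mut findings = Vec::new();
    // symlink_metadata: inspect the path itself, not a symlink's target.
    let meta = fs::symlink_metadata(sock)?;
    if !meta.file_type().is_socket() {
        findings.push(format!("{} is not a Unix socket", sock.display()));
    }
    if meta.uid() != expected_uid {
        findings.push(format!("socket owned by uid {}, expected {}", meta.uid(), expected_uid));
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        findings.push(format!("socket mode {:03o} grants group/other access", mode));
    }
    // Whoever can write the VM directory can unlink and replace the socket.
    let dir = match sock.parent() {
        Some(p) if !p.as_os_str().is_empty() => p,
        _ => Path::new("."),
    };
    let dmeta = fs::symlink_metadata(dir)?;
    let dmode = dmeta.permissions().mode() & 0o777;
    if dmeta.uid() != expected_uid {
        findings.push(format!("directory owned by uid {}, expected {}", dmeta.uid(), expected_uid));
    }
    if dmode & 0o022 != 0 {
        findings.push(format!("directory mode {:03o} is group/other writable", dmode));
    }
    Ok(findings)
}

fn main() -> io::Result<()> {
    // Usage: <binary> <path to vsock.sock> <expected uid>
    let args: Vec<String> = std::env::args().collect();
    if args.len() != 3 {
        eprintln!("usage: {} <vsock.sock> <uid>", args[0]);
        std::process::exit(2);
    }
    let uid: u32 = args[2].parse().map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    let findings = audit_vsock_socket(Path::new(&args[1]), uid)?;
    findings.iter().for_each(|f| println!("FINDING: {f}"));
    std::process::exit(if findings.is_empty() { 0 } else { 1 });
}
```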