On Fri, Jan 28, 2022 at 6:04 PM Stefan Hajnoczi <stefanha@xxxxxxxxx> wrote: > > Dear QEMU, KVM, and rust-vmm communities, > QEMU will apply for Google Summer of Code 2022 > (https://summerofcode.withgoogle.com/) and has been accepted into > Outreachy May-August 2022 (https://www.outreachy.org/). You can now > submit internship project ideas for QEMU, KVM, and rust-vmm! > > If you have experience contributing to QEMU, KVM, or rust-vmm you can > be a mentor. It's a great way to give back and you get to work with > people who are just starting out in open source. > > Please reply to this email by February 21st with your project ideas. > > Good project ideas are suitable for remote work by a competent > programmer who is not yet familiar with the codebase. In > addition, they are: > - Well-defined - the scope is clear > - Self-contained - there are few dependencies > - Uncontroversial - they are acceptable to the community > - Incremental - they produce deliverables along the way > > Feel free to post ideas even if you are unable to mentor the project. > It doesn't hurt to share the idea! > I'd like to propose this idea: Title: Create encrypted storage using VM-based container runtimes Cryptsetup requires root privileges in order to be able to encrypt storage with luks. However, privileged containers are generally discouraged for security reasons. A possible solution to avoid extra privileges is using VM-based container runtimes (e.g crun with libkrun or kata-containers) and running inside the Virtual Machine the tools for the storage encryption. This internship focus on a PoC for integrating and extending crun with libkrun in order to be able to create encrypted storage. The initial step will focus on creating encrypted images to demonstrate the feasibility and the necessary changes in the stack. If the timeframe allows it, an interesting follow-up of the first step is the encryption of persistent storage using block-based PVCs. Language: C, rust, golang Skills: containers and virtualization would be a big plus I won't put a level but the intern needs to be willing to dig into different source codes like crun (written in C), libkrun (written in Rust) and possibly podman or other kubernetes/containers projects (written in go) Mentor: Alice Frosi, Co-mentor: Sergio Lopez Pascual Let me know if the idea sounds feasible to you! Many thanks, Alice
