On Thu, 17 Feb 2022 at 07:08, Alice Frosi <afrosi@xxxxxxxxxx> wrote: > > On Fri, Jan 28, 2022 at 6:04 PM Stefan Hajnoczi <stefanha@xxxxxxxxx> wrote: > > > > Dear QEMU, KVM, and rust-vmm communities, > > QEMU will apply for Google Summer of Code 2022 > > (https://summerofcode.withgoogle.com/) and has been accepted into > > Outreachy May-August 2022 (https://www.outreachy.org/). You can now > > submit internship project ideas for QEMU, KVM, and rust-vmm! > > > > If you have experience contributing to QEMU, KVM, or rust-vmm you can > > be a mentor. It's a great way to give back and you get to work with > > people who are just starting out in open source. > > > > Please reply to this email by February 21st with your project ideas. > > > > Good project ideas are suitable for remote work by a competent > > programmer who is not yet familiar with the codebase. In > > addition, they are: > > - Well-defined - the scope is clear > > - Self-contained - there are few dependencies > > - Uncontroversial - they are acceptable to the community > > - Incremental - they produce deliverables along the way > > > > Feel free to post ideas even if you are unable to mentor the project. > > It doesn't hurt to share the idea! > > > > I'd like to propose this idea: > > Title: Create encrypted storage using VM-based container runtimes > > Cryptsetup requires root privileges in order to be able to encrypt > storage with luks. However, privileged containers are generally > discouraged for security reasons. A possible solution to avoid extra > privileges is using VM-based container runtimes (e.g crun with libkrun > or kata-containers) and running inside the Virtual Machine the tools > for the storage encryption. > > This internship focus on a PoC for integrating and extending crun with > libkrun in order to be able to create encrypted storage. The initial > step will focus on creating encrypted images to demonstrate the > feasibility and the necessary changes in the stack. If the timeframe > allows it, an interesting follow-up of the first step is the > encryption of persistent storage using block-based PVCs. > > Language: C, rust, golang > Skills: containers and virtualization would be a big plus > I won't put a level but the intern needs to be willing to dig into > different source codes like crun (written in C), libkrun (written in > Rust) and possibly podman or other kubernetes/containers projects > (written in go) > Mentor: Alice Frosi, Co-mentor: Sergio Lopez Pascual > > Let me know if the idea sounds feasible to you! Thanks, I have added the idea: https://wiki.qemu.org/Google_Summer_of_Code_2022#Create_encrypted_storage_using_VM-based_container_runtimes Stefan
