From 5ffe206f723b24b6295e41c447f1da7a1ca603b3 Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Thu, 11 Jun 2026 00:47:17 -0700
Subject: [PATCH] straylight: grant mcp-agent KVM + tun access for unikernels

Override the shared mcp.nix sandbox (PrivateDevices) on straylight so the MCP agent can boot Nanos unikernel VMs under QEMU/KVM and manage TAP devices for isolated networking.

Co-Authored-By: Claude Opus 4.8
---
 hw/straylight/default.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/hw/straylight/default.nix b/hw/straylight/default.nix
index 01fff55..ad36e7b 100644
--- a/hw/straylight/default.nix
+++ b/hw/straylight/default.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, ... }:
+{ inputs, pkgs, lib, ... }:
 {
 imports = [
 ./hardware-configuration.nix
@@ -9,6 +9,19 @@
 ];
 config = {
+ # straylight is the unikernel host. The shared mcp.nix locks the agent
+ # down with PrivateDevices=true, which hides /dev/kvm and /dev/net/tun.
+ # Relax that here (only on straylight) so the agent can boot Nanos
+ # unikernel VMs under QEMU/KVM and (Phase 2) manage TAP devices.
+ systemd.services.mcp-agent.serviceConfig = {
+ PrivateDevices = lib.mkForce false;
+ DeviceAllow = [ "/dev/kvm rw" "/dev/net/tun rw" ];
+ SupplementaryGroups = [ "kvm" ];
+ AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+ };
+ # Let the mcp user reach /dev/kvm directly as well.
+ users.users.mcp.extraGroups = [ "kvm" ];
+
 # Allow rootless containers (podman) to bind low ports (53 for MCNS,
 # 443/8443/9443 for mc-proxy) as straylight takes over the core role.
 boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
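Review bot: `PrivateDevices = lib.mkForce false` in the new `systemd.services.mcp-agent.serviceConfig` block hands back more than /dev/kvm and /dev/net/tun: systemd's PrivateDevices=true also implies DevicePolicy=closed, removes CAP_MKNOD and CAP_SYS_RAWIO from the bounding set and installs a `@raw-io` syscall filter, and nothing in the hunk re-establishes those (DeviceAllow= under the default DevicePolicy=auto still limits device nodes, which is the one protection that survives). Consider restoring them explicitly next to DeviceAllow, e.g. `DevicePolicy = "closed";`, `CapabilityBoundingSet = "~CAP_MKNOD CAP_SYS_RAWIO";` and `SystemCallFilter = [ "~@raw-io" ];`, using whatever list/string form mcp.nix already uses for those keys so the NixOS option merge does not conflict. `AmbientCapabilities = [ "CAP_NET_ADMIN" ]` is also broader than TAP management — it lets the agent reconfigure host routes, firewall rules and interfaces — and the adjacent comment marks TAP work as Phase 2, so it could be deferred until then; if mcp.nix restricts CapabilityBoundingSet, check that CAP_NET_ADMIN is in it, since an ambient capability outside the bounding set is not granted. `SupplementaryGroups = [ "kvm" ]` and `users.users.mcp.extraGroups = [ "kvm" ]` grant the same group twice; one is enough, and the comment should say which one is intended. The enclosing `config = {` attrset ends outside the hunk.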