Introduction to User-Mode Linux 32
developerWorks writes "Ever wish you had a place to let your Linux applications play -- where they wouldn't hurt anything else? Do your killer apps spend too much time killing each other? Originally conceived as a kernel developer's tool, UML lets you set up multiple virtual machines that are isolated from each other and from the hardware. Now, you can test applications all the way to failure without breaking the host system -- or even requiring a reboot. Veteran administrator Carla Schroder shows you how in this tutorial."
Register? (Score:2, Insightful)
Re:Register? (Score:5, Interesting)
Hey timothy
Re:Register? (Score:2, Troll)
I'm not defending for
I see your point, if a site (*cough* C/ZNet) does it too far it'd be very annoying.
It's FACT, or is it? (Score:1)
Re:It's FACT, or is it? (Score:1)
Re:Register? (Score:5, Informative)
Bye bye karma :(...
Re:Register? (Score:5, Informative)
It's one of the sites worth giving your email address to. The biggest spam you'd get from them is just a (bi?)weekly IBM DeveloperWorks newsletter which you can easily unsubscribe from.
I'm by no means associated with IBM, in case you wonder.
Re:Register? (Score:2)
BTW, while you're at registering at IBM, pick up Jikes, the 1.4 JVM, and robot wars. All good stuff. They've got some good Linux white papers too.
(Now to get them to use 100% ASCII in their HTML instead of those stupid MS "smart quotes".)
More on UML (Score:5, Informative)
Also VMWare (Score:5, Interesting)
A couple of years ago, I went on vacation with no net access and only my laptop. I wanted to do network programming during my vacation. I set up four VMWare virtual machines running FreeBSD and did my little program (user-mode NFS server). Got a lot done in a short time (probably due to the lack of net access - had all the necessary docs saved ahead of time). I chose FreeBSD because it was much easier to cut down to a tiny image than any Linux distro (even Slackware, my favorite).
VMWare is also useful if you want to do OS-level programming (eg, write a kernel). This is one of my spare time projects (haven't touched it in years, though). I'd imagine user-mode Linux can't let you mess with the low-level stuff, but it could be useful for high-level stuff like scheduling algorithms and so forth (useful because it's a real PITA to boot up a machine whenever you change a line of code and user-mode Linux might give you some better debugging options than a serial cable).
You might be able to do this with Bochs [sourceforge.net] nowadays, but Bochs was nowhere near useful back then. Seems to have come a long way in a short time.
Not sure what advantages user-mode Linux would have over VMWare or Bochs. Perhaps some karma whore would like to register and post the contents of the article :)?
Re:Also VMWare (Score:4, Informative)
Not sure what advantages user-mode Linux would have over VMWare or Bochs.
It lets the kernel run as a regular user process, and has been developed to interact with the host in that context.
http://user-mode-linux.sourceforge.net/uses.html [sourceforge.net]
Larry
Better (Score:2, Redundant)
What would really be interesting is if non-Intel hardware could also be emulated. I sure wouldn't mind an Ultra5, RS/6000 and hammer systems networked together with ipv6 on token ring.. all on my BeOS desktop. BeOS is supported isn't it?
Re:Better (Score:3, Informative)
Um, UML is User-Mode Linux not User-Mode BeOS. And it doesn't emulate the processor. It provides virtualized instances of the OS, not an entire emulated virtual machine. You want UML Ultra5, you have to be on an Ultra5 machine in the first place. Ditto for RS/6000 or any other architecture.
More Dual Mode Acronyms for us techies: (Score:3, Funny)
BSD.. Berkeley Source Distribution or Blue Screen of Death
sheesh
all we need now is Xylophone Medical Laparoscopy, Super Qualitative Logon, and our hype acronym heaven will be complete! "MWAHAHAHAHAHAHA"
Re:More Dual Mode Acronyms for us techies: (Score:1)
BSOD = Blue Screen Of Death
I'm sure you'll now have many BSDers aggressively distancing themselves from the BSODers
could this be... (Score:5, Interesting)
Re:could this be... (Score:3, Interesting)
I was playing around with the idea of making chroot-ed jails for a server-based module, but using UML might be the way to go. I'm still working out the installing-procedure, trying to make up my mind if I want a regular debian-distro after an install or a setup like what you are describing.
And yes, it is based on KNOPPIX. well, the 33MB base module is :o)
Re:could this be... (Score:3, Insightful)
Yes, what you said, something like that. There's no real reason that the "core" install needs to have access to the net, when a virtual system can take the chances, and still "do the work". It makes by far the best sense to me yet of all the various security schema. It would also make upgrading better as you wouldn't be afraid of hosing your mission critical stuff while it's running.
Re:could this be... (Score:5, Interesting)
With linux, and using Debian, I'm at the point where I can say "Screw everything except what's in
--Robert
poor man's solution (Score:3, Insightful)
To get back to the subject, YES, an additional layer of "permissions" to access the system. Two stage isn't enough, you should be able to do an instant "create on demand" full system, use it for a session then trash it, thereby eliminating anything nasty that might have occurred to you, and that temporary system could be an additional step-->out away from the actual root or user level. There should be a "this is vulnerable being online so it can't do much and nothing permanent without jumping through hoops" temp-user level. A temporary trip wire action would help, and then the system would force you to go offline and compare audits before anything was 'saved' to the disk in either a user's directory or at root level. It would be saved in the virtual OS's ram cache or on swap (a "virtual swap" inside the real swap as well?), examined, if it passes, THEN it can slide downhill into normal user-space. And the box needs its own built-in battery to keep ram cache intact in case of catastrophic outside failure, so that very important but still unexamined data is not lost. I've had UPSs fail, but when a laptop was plugged in, it didn't matter, I didn't lose anything or suffer file system damage, the built-in battery concept is ideal for this, and I have no idea why it isn't just common on desktops as well. They are already big and heavy, a small battery is not that much more weight or space.
Re:could this be... (Score:2, Informative)
DIY (or, already been done, depending on how you look at it). What you want is accomplished in unix using setuid bits (usually only for escalating privileges) or setuid(2) (always for reducing privileges). This is how su and sudo work - look at their perms, and you'll see that su and sudo are setuid root. Root processes can also call setuid directly, so sudo becomes root on exec and can go to any user from there.
A number of ways to do this:
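    #include <unistd.h>

    int main(int argc, char **argv)
    {
        (void)argc;
        /* Swap in the command to run; the caller's arguments are passed through. */
        argv[0] = "/path/to/evil-command";
        execv(argv[0], argv);
        return 1; /* reached only if execv() fails */
    }

Compile, set permissions appropriately. Or, if evil-command is a binary and not a script, just change ownership of evil-command to ramses-nobody and slap on setuid bit.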
If this is a multi-user system, the only practical method is (1): you can set up sudo so that regular user ramses can run anything as restricted user ramses-nobody. You can even tell it to not prompt for a password when going from ramses to ramses-nobody. If it's a big system, you set up scripts so it becomes part of the account creation process. OTOH, if it's a big multiuser system, you don't worry about any of this since you keep daily backups :)
Re:could this be... (Score:2)
It's just too easy to implement in userspace. Just create a simple (and carefully debugged) suid program that does setuid to $username-nobody, and then execs the program.
Although interesting in the kernel, It would require the kernel to implement system policy (rather than just supporting it). For example, you are user 512, how does the kernel know you're allowed to exec as user 32012?
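The wrapper the two comments above describe, written out with the checks a setuid program needs; this is an added example, not code from the original thread. It assumes the binary is installed setuid-root (or started by root), and TARGET_UID/TARGET_GID are hypothetical ids for the restricted "$username-nobody" account.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical ids of the restricted account (assumption, not from the thread). */
#define TARGET_UID 32012
#define TARGET_GID 32012

/* Return 1 if the real and effective ids all equal uid/gid, else 0. */
int ids_are_exactly(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently switch to uid/gid. Return 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Groups and gid go first: after setuid() we may no longer change them. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Do not rely on return codes alone: re-read the ids ... */
    if (!ids_are_exactly(uid, gid)) return -1;
    /* ... and confirm that root cannot be regained. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    static char *clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    if (argc < 2) {
        fprintf(stderr, "usage: %s /absolute/path/to/command [args...]\n", argv[0]);
        return 2;
    }
    if (drop_privileges(TARGET_UID, TARGET_GID) != 0) {
        fprintf(stderr, "refusing to run: could not drop privileges\n");
        return 1;   /* fail closed: never exec with the caller's or root's ids */
    }
    execve(argv[1], &argv[1], clean_env);   /* fixed environment, not the caller's */
    perror("execve");
    return 1;
}
```

Restrict who may execute the installed binary (for example through group ownership and mode 4750), since anyone who can run it can run commands as the restricted account.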
Re:could this be... (Score:1, Informative)
As for your idea about deleting a virtual system and reproducing it - that's generally the way corporate desktop machines are managed. Either with some software tool like Norton Ghost, or with a dedicated hardware IDE drive duplicator (which is really nice since you can do a bunch of drives at once). You can also use "tar" or similar tools to make an image of a unix machine (I believe this is called a "backup" :). VMWare has a nice little feature in that its virtual disks are just files, so you can copy those around as you see fit, and it has a feature where changes to virtual disks do not persist across reboots, which is quite useful in Windows environments where you cannot easily monitor how some installation or patch modifies a production system.
Note though, that if your system is 0wned, you can't just restore a backup or re-image the drive. The hole which allowed it to be compromised is still there, so you have to do a post-mortem to figure out how it was broken and patch it up. So this stuff doesn't make managing security a whole lot easier. It does make a lot of other management stuff easier (recovering from your own mistakes or from broken software).
It does give you certain benefits as it can separate access to data, but I don't know if this is such a big benefit anyways: if you actually have critical data that must remain confidential, it's easier to set up a chain of machines that have various access to the data (running different software and OSes each suited to the particular task) and set up strict firewalls between all of them (or, depending on time and needs, any level of access control between: process based (non-privileged daemons), filesystem based (chroot, virtual machines) or machine/network based (multiple machines, perhaps with custom network software that only exposes the minimum required access to the data as opposed to some general-purpose database interface)). Three reasons to spend time on security: protecting access to confidential data, ensuring integrity of critical data and keeping uptime for important services. Can get involved if you actually have to protect data instead of just keeping uptime: most people don't care and don't bother.
Re:could this be... (Score:1)
The tar utility, guess I only thought about it for individual packages, didn't realise you could do the entire drive with it. Have to give it a whack on the funsie machine here, I trash it regularly enough......
As to the audit after getting owned, yes, that's why I mentioned it, seemed logical before allowing the compromised machine back online with the older but secure image. Just with the virtual system it might be faster to recover, as perhaps an identical one could be running simultaneously parallel to the "active" one.
I was just looking at knoppix updates, seems like a system like that might be nice for a semi- no brainer small scale server that is fairly secure(no write access by default install), especially if you took the concept and made it bigger, added your server and custom database apps, etc, and ran it-started it- from a custom burned dvd to a large enough ram bank. Maybe anyway.....I know that would be quite expensive....
Too bad about the "uptime" being more important in most places, you'd think data integrity would be paramount.
Yet again another car analogy, maybe for the bean counters' benefit. It's faster and you have more driving "uptime" by just occasionally topping off the crankcase oil as needed, but the engine's integrity is a lot better and the TCO is better with periodic "down times" and really changing the oil.
Other fun UML features (Score:2)
Still, there were features that would make it ideal for such a situation. When the console boots, you can redirect the console output to a serial line or to a TCP port, so the system starts, then halts until you connect to the TCP port to monitor the progress, then it continues and you see the console output in a terminal window as if you were sitting at the console.
UML (Score:2, Insightful)
what am i missing here? (Score:1)
isn't that the point of a protected mode operating system?
Re:what am i missing here? (Score:3, Informative)