Stephen D. Williams writes:
> Pretty slick how they emulate kernel/user mode, memory protection,
> system calls, I/O interrupts, etc. It uses Linux threads to handle a
> lot of context switching in its threads, although only as many threads
> are runnable as UML has virtual CPUs. Normally runs X using Xnest
> (although obviously VNC could be used). Its biggest use is still
> kernel development, but virtually hosted environments are becoming a
> common use supposedly. UML doesn't have to run as root and of course
> you could chroot it.
Note that "protect kernel memory from userspace" is still on the TODO
list at
http://user-mode-linux.sourceforge.net/todo.html
That puts a damper on some security-related applications, since it's
probably not too hard for malware in virtual userland to overwrite the
kernel and get direct access to the host at the syscall level, with
the privileges of whatever host user is running UML. Fixing that is
on the TODO list, though the current planned fix (explicitly changing
page permissions for all kernel memory on kernel entry) may
significantly slow the virtual machine's syscall entry and exit.
VMWare is probably the best industrial strength environment for
"virtual firewalling", though plex86 (which can be described as a free
VMware workalike --- see www.plex86.org) seems to be getting there.
rst
This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:15:07 PDT