User-mode Linux

Printable View

September 13th, 2002, 05:18 PM
problemchild

User-mode Linux

This was reported on the front page of Slashdot today..... it seems that user-mode Linux has finally been merged into the 2.5 development kernel. To me, UML is easily one of the coolest features of the new kernel series. What is it? Well, from usermodelinux.org:

Quote:

User-mode Linux is a patch for the Linux kernel which allows an executable binary to be compiled and executed on a host Linux machine. The kernel can be assigned virtual resources, including a root filesystem and swap space, and can have a hardware configuration entirely separated from that of the host.

So what does that mean to you and me? Well..... from the project homepage:

Quote:

As a secure sandbox or jail

Processes inside the user-mode kernel have no access to the hosting machine or to the outside world that's not explicitly provided. So, a malicious application running inside it can do no harm to anything that matters. Should viruses like those now plaguing other, inferior operating systems ever start appearing on Linux, the environment provided by this kernel can provide pretty solid protection against them.

Conventional wisdom holds that ideally, each service should run on a separate dedicated server for maximum security. But in actual practice, it's often too expensive or too impractical to have separate boxes for web, ftp, DNS, etc. Now you can run each of those services on one box but in separate virtual machines and get the same effect.

Oh yeah.... you know that link to usermodelinux.org above? It's running in a virtual machine.

This is WAY COOL stuff.
September 13th, 2002, 06:59 PM
Redbone

Wow! I think that this is awesome!! As a linux newbie I continue to be amazed at the innovation that is going into the development of linux.

One of my goals in moving to linux is to explore how to configure the machine and get the most out of it. By being able to run several virtual machines on one box it allows you to configure each VM environment to fit the security needs of the service running on it! One of my concerns is running a web server and a telnet service in the same environment.

Even though the separation exists within the nature of the operating system to keep my files secure, there is always the possibility that some piece of sotware running on the box will give someone the ability to sabotage my machine. With this virtual machine approach each service has its own virtual file system and holes can't be as easily exploited across services.

Great post!!
September 15th, 2002, 12:50 AM
slarty

User-mode linux isn't really that secure. The jail-mode has some possibility of being ok, but don't count on it.

I'm not sure how well the memory protection actually works, heard bad things about it.

I would certainly say it is LESS SECURE than VMWare in this respect. However, because it doesn't try to emulate any hardware, it is much easier to set up and has a lot less overhead (it boots really quickly on my box, no kernel drivers required)

If you run UML as a non-privileged process in a chroot on the host system, that might make it harder to get out of (and do anything useful anyway)
September 17th, 2002, 01:37 PM
TomCruise

I want to hear about the performance of such number of virtual systems running simultaneously. Is there any degradation of speed and how much more memory it consumes.

Actually what are the benchmark results of such a system. With people running low end systems(like me running a celeron 433 32mb) at home , how much productive is this?

plz reply