Slashdot Mirror


User Mode Linux

langed writes: "It appears that Jeff Dike has supplied a new implementation of the Linux kernel, whereby it is possible to boot a Linux kernel from the command line. This allows you to test a kernel before installing it, or completely partition users off from the main system. Networking appears to be through a slip connection, AFAIK, but this thing shows serious potential for increasing security and for kernel hacking, among many other nifty uses."

31 of 66 comments

  1. Re:Similar to FreeBSD jail() by drdink · · Score: 4

    They may have the same result, but unlike jail() this thing requires you to run a kernel under your kernel. FreeBSD's jail() uses the system kernel. There is no second kernel running under it. You get less of a cpu hit with jail().

    --
    Beware, Nugget is watching... See?
  2. Great for teaching by benmhall · · Score: 2

    At my school there's a lab full of Celerons running Linux JUST for an Operating Systems class. They let the users log in as root and recompile the kernel/tear the machine apart and then re-ghost the image every day or two. This sounds like a much nicer way of letting users see how Linux works without doing any damage to the network. What a boon for teaching!

  3. Security compared to FreeBSD's jail? by Spoing · · Score: 2
    While User Mode Linux and FreeBSD's jail have different designs, what are the security differences between the two when used as sandboxes?

    From what (little) I know of UML, I'd have to give jail the nod since it's focused on security, uses less overhead per-process (?), as well as having a focused and simple design.

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
  4. Re:Some idle thoughts by swinge · · Score: 3
    Good post. More idle thoughts.

    It enhances a lot of the capabilities you mention, but it's not a panacea. If you ran a batch of them on one machine, they'd be in contention over a number of system resources and would have to block and wait for one another in a way that kernels in the wild do not. I'll bet tests could be developed to detect such a honeypot. Large-scale distributed systems (which would consume some large-scale memory on the single host :) might not behave the same way. For example, the resource locking and blocking might inadvertently clean up race conditions and whatnot.

    I'm not saying it wouldn't be a big help in getting closer to solutions of the problems that you suggest, just that it isn't perfect and will present its own set of problems.

  5. Re:The ultimate win/lin compatibility by Webmonger · · Score: 2

    Actually, I was originally going to post a serious comment. Since I use Windows a lot of the time, Linux-in-windows would actually be very handy for me. Plus, with the right virtual drivers, you'd be able to access devices under Linux that have no Linux drivers.

    I understand it's not in the offing yet, but the website lists "A Linux environment for other operating systems" as a potential use.

    But still. . . Windows under Linux? Doesn't that defeat the purpose of Linux?

  6. this has been around for quite a while... by ceswiedler · · Score: 3

    At least on the linux-kernel list, discussion of the user-mode port has centered around its usefulness as a tool for debugging kernel code. I haven't heard any suggestions that it actually be used as a production "kernel", or that multiple user-mode kernels run at once. Perhaps that's just because discussion on l-k centers on implementation details. I'll also guarantee that no thought has been put into making a user-mode Linux port for Windows, so you can stop wishing...

    1. Re:this has been around for quite a while... by jdike · · Score: 3
      I'll also guarantee that no thought has been put into making a user-mode Linux port for Windows, so you can stop wishing...

      Actually people have thought about it. No one has coughed up any actual code, though.

      Jeff

  7. Re:The ultimate win/lin compatibility already exis by Ed+Avis · · Score: 2

    It might be possible to re-link a Linux binary against the Cygwin libraries instead of glibc, and then run it. Like how Wine links Windows binaries against its own implementation of Win32 - I think. I'm not a binutils guru, so could someone say whether this would be possible?

    --
    -- Ed Avis ed@membled.com
  8. Re:Get your mainframe!! Mainframes here!! by simong · · Score: 4

    There's something similar already: UK company DSVR sell virtual servers that are effectively multiple standalone 300Mb Linux boxen on a 500Mhz PC host. They've also made the technology available through the GPL at www.freevsd.org.

  9. Re:Old news by stevey · · Score: 2

    I believe it has quite a high version number, and the diary page on the web site goes back to February of this year.

    While I've heard of this for a while now (not sure how long, but I've seen it on Kernel-Traffic), it's good that this is covered now. Why?

    Because too often we get stories covered here about software that is version 0.0.1, or is in the planning stages.

    This is different, because for somebody who hasn't heard about it there's a nice surprise: they can actually download this and play with it without too much hassle. Which is a good thing.


    Steve
  10. Machines in machines rock... by B747SP · · Score: 2
    Pretty awesome stuff. VMWare is a really good commercial one - though VMWare goes the whole hog, with a full virtual machine with access to hardware and everything. Still, being able to boot multiple instances of the one OS on any one machine is a real plus.

    At my work, we have a choice of NT, NT, or NT - and it's not native hackable NT either, it's a bizarre mod on NT done by some systems group. I run Red Hat on my PC, then the obligatory corporate NT build in a VMWare virtual machine. Handed it to the NT drones one day and said "what's wrong with this?" with the NT machine full-screen. They couldn't tell, said it was just fine.

    Stuff like this really comes into its own when you can run multiple 'machines' on one, get a whole multi-OS test lab happening on one box. User-land linux rocks - a great step in the right direction!

    --
    I find your ideas intriguing and I wish to subscribe to your newsletter.
  11. The ultimate win/lin compatibility already exists! by alienmole · · Score: 3
    For many people who already have Windows installed, running a linux kernel on top of it would provide an easy path to get the capabilities of linux.

    You can already run Linux on Windows, using VMWare. I'm running Linux on WinNT4 right now. You can download an eval. They have a $99 hobbyist price, too.

    Also, Cygwin provides a good implementation of the GNU tools on Windows, which lets you run GCC and compile and run lots of open source stuff.

  12. Re:Great! by alienmole · · Score: 2
    if the virtual x86 has access to disk hardware, or net hardware with NFS, then hacked daemons could do real damage to the VM host.

    VMWare (see my other reply to you) virtualizes the disk and network too. The host disk is completely safe (as far as I can tell.) A hacked daemon could access the network, but if you're that concerned, you can disable networking in the VM.

  13. Re:Security and GPL Considerations Of User Mode Li by jdike · · Score: 2
    A more troubling question is how much of "User Mode Linux" can be run entirely independent of root. Even creating a new SLIP device for the virtualized OS requires non-user privileges, so the best case scenario remains that an attacker, knowing they're behind a false root, attempts to corrupt or attack the parent kernel by feeding bad bytes down the network interface.

    Everything except access to the host networking can be done as non-root. At this point, setting up networking requires a suid helper. After the network is set up, everything is non-privileged.

    Jeff

  14. User Mode... by comcn · · Score: 2

    Hey, doesn't that mean that Users will be able to cope with Linux? I mean, most SysAdmins have to switch to `User Mode' to explain things to the lusers...

  15. Great! by pb · · Score: 2

    I've been interested in this project for a while now, and it looks like (according to the TODO list) they've fixed a lot of gotchas, and now it's time to hammer out the bugs and optimize.

    However, I still like the idea of running a virtual x86 machine better, for the OS compatibility. Running a virtualized Linux would be cool for security, (run sendmail and wuftpd and whatnot on top of that; if someone hacks it, just kill and respawn :) and of course development, but that's about it.
    --
    pb Reply or e-mail; don't vaguely moderate.
    1. Re:Great! by G+Neric · · Score: 2

      basically a good idea, but it's harder than that because you've got to virtualize more than x86: if the virtual x86 has access to disk hardware, or net hardware with NFS, then hacked daemons could do real damage to the VM host.

  16. Get your mainframe!! Mainframes here!! by qnonsense · · Score: 3

    User mode Linux == Mainframe-like functionality?

    Isn't this the sort of thing that the S390s do? So couldn't we now start running mad-crazy numbers of VMs on straight up PC hardware? So if I were an ISP, I could give each of my clients their own host, yes?

    Fun stuff!

    --
    There comes a time in every man's life when he must say, "No mother! I do not want any more Jell-O!"
    1. Re:Get your mainframe!! Mainframes here!! by Nicolas+MONNET · · Score: 2
      It's sooo much better than chroot! There's no getting out from that box! And chroot has some limitations, such as only one filesystem.


  17. The ultimate win/lin compatibility by Webmonger · · Score: 3

    Forget WINE. The ultimate windows/linux compatibility is running a linux kernel under Windows! All the stability of Windows and all the Gui goodness of Linux!
    Think on it.

    Think on it and tremble. . .

  18. Uses by xant · · Score: 3
    There are uses for this. Step outside the sysadmin box for a minute and think about it as a powerful development tool, and not just for KERNEL developers, either. The ability to run a kernel in usermode allows you to:

    • Boot up a whole new DISTRO - never mind a new kernel - in a safe environment, simply by installing it in a subdirectory of /. Projects like Repairlix could use this during development to avoid having to burn the cd, install it on a clean system, reboot to that system (or worse, have a whole 'nother computer for it).
    • Give developers of drivers and network interfaces something to debug. When your code is likely to crash the whole system, it's crucial that you be able to place your debugger OUTSIDE the system.
    • Give developers of ALL kinds of systems the ability to see the effects of their installer, compilation system, package management, etc. on different kernels and environments quickly. Want to see if your program runs on 2.0.* Linux? Boot the sucker up. (AFAIK the UML stuff is ported to particular kernels, so I guess you couldn't pick ANY kernel you wanted. Maybe when it comes of age a bit more. . .)

    --
    It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
  19. Some idle thoughts by jd · · Score: 5
    • A user-land kernel would make a great honeypot as it would be indistinguishable from a "real" system.
    • It would allow you to test large-scale distributed software -WITHOUT- a large-scale distributed setup.
    • As with car mechanics, it would allow you to see the engine running, without being in the car.
    • It offers more profiling possibilities (as your profiler won't be changing the state of the kernel by the act of running).
    • The first one to port the entire Linux kernel to a Word Macro wins the "Gross, Sick and Disgusting, but very Impressive Hack" Award.
    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Some idle thoughts by Black+Parrot · · Score: 2

      > Isn't the GPL infectious enough for you?

      Actually, I don't think of it as being viral. I have lots of GPL and non-GPL stuff together on my disk, and the non-GPL stuff never seems to get infected.

      Rather, I think of the GPL as inductive, in the sense familiar to computer scientists. I.e., if x is GPL'd, then successor(x) is also GPL'd.

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re:Some idle thoughts by Black+Parrot · · Score: 3

      > The first one to port the entire Linux kernel to a Word Macro wins the "Gross, Sick and Disgusting, but very Impressive Hack" Award.

      Then we release it as a virus.

      --
      Sheesh, evil *and* a jerk. -- Jade
  20. cygwin port by joshv · · Score: 3

    Would it be possible/desirable to port this to cygwin? Then I could boot a linux kernel under NT. Not sure if this makes sense but then it seems this would give me binary compatibility with Linux executables.

    -josh

  21. Good for webhosting by nconway · · Score: 2
    This was mentioned on the mod_perl mailing list, and I agree. The idea is to use this like IBM's virtual machines on an S/390 to separate webhosting boxen into 1 'machine' per client. Some cool + fast technologies (like mod_perl) can crash Apache if written poorly. This is obviously a problem for webhosting companies. With user-mode Linux, you could separate each client from one another, and all the clients from the actual kernel.

    This probably wouldn't be necessary for most clients (doing static content, CGIs, etc). It could be offered as a 'premium package', or whatever. So all the static content + CGI stuff could run in 1 kernel, and you could give each premium client their own kernel to play with. The efficiency problems would probably be offset by the big speed boost mod_perl and similar apps give you (after all, that's why they need to be so closely integrated with Apache). Plus, if these people are willing to pay extra for a `premium' package, you can probably afford to buy a couple big Sun boxen to host them on.

  22. Interestingly enough by drinkypoo · · Score: 2

    Scyld (you know, beowulf? A top news item today?) have a package on their site called Two Kernel Monte (by Erik Hendriks) which says the following:

    Two Kernel Monte is a kernel module which allows Linux to load another kernel image into RAM and restart the machine from that kernel. The loader supports initial ram disks and passing arbitrary kernel command line parameters to the new kernel. This version supports Linux 2.2.x and Linux 2.3.x.

    Not quite the same thing, but related and interesting.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  23. Re:Old news by Taurine · · Score: 4

    Yes, this has been available for months. It must have been reported here before, too. News seems stuck in an infinite loop recently on /. Back in the day this didn't happen very often, and the actual number of front-page stories wasn't lower, so what could be the cause? Is there a drop in the quality of the story queue, or of the attention of the editors? In this case, how could the submitter have failed to notice that this wasn't new? I believe it has quite a high version number, and the diary page on the web site goes back to February of this year. And this thing is often mentioned in the most consumable version of the kernel mailing list, Kernel Traffic.

  24. Re:linux as a microkernel by Adnans · · Score: 2

    Size has nothing to do with being a microkernel. The architecture of the kernel makes it a micro or monolithic kernel; basically whether it does message passing or not.

    --
    "In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
  25. Security and GPL Considerations Of User Mode Linux by Effugas · · Score: 5

    I've actually been talking up User Mode Linux since I first heard about it some time ago. The project's goal is essentially to re-implement Linux in its own system call interfaces, so the entire operating system can be executed as Just Another Application.

    It's actually pretty cool code, and it has some pretty interesting implications as time goes on.

    Among other things, it's actually a surprisingly good hack for making IPSec on Linux rather more usable. It's pretty obvious that IPSec code belongs in the kernel (after all, it's built off of IP, which *is* kernel code), but the difficulty and potential instability of IPSec, when it's not exactly a critical application for many users, precludes the deployment of the code. User mode Linux, with a stripped down FreeSWAN distribution, could give a much less risky and far simpler method for users and administrators to test and perhaps even deploy simple IPSec endpoints.

    IPSec may become only marginally more awkward to experiment with than SSH.

    Of course, this would require raw access to the network interface--not something generally given user level processes. That illustrates the #1 caveat of User Mode Linux--if the environment runs as root under the parent kernel, the child kernel doesn't particularly lose those root permissions. Granted, control over the operating environment can be much, much finer grained per virtual OS instantiation. But if that environment is broken, the attacker gains all capabilities of the user parent. When the user parent is root...sure, there's a layer of obfuscation, but that's about it.

    Of course, if I was attacking a machine, I wouldn't particularly expect that the machine I had taken over was just a temporarily instantiated OS image.

    A more troubling question is how much of "User Mode Linux" can be run entirely independent of root. Even creating a new SLIP device for the virtualized OS requires non-user privileges, so the best case scenario remains that an attacker, knowing they're behind a false root, attempts to corrupt or attack the parent kernel by feeding bad bytes down the network interface. Luckily, that's generally a pretty untrusted interface--and even better, there's absolutely nothing that says you have to give the client a direct network link (slirp, once again, comes in incredibly useful.)

    Interestingly enough, User Mode Linux (as noted on the page) will probably eventually be used to port Linux apps en masse to alternate platforms that implement the Linux System Call APIs. lxrun *does* this on Solaris to some degree; this does mean that sometime down the line, Linux IPSec code may function on a non-free OS.

    This really shouldn't be a big deal, with everything GPL and open--but RMS and Becker have made some pretty loud noises about kernel functionality being intrinsically separated from the intent of the GPL. User Mode Linux reduces the entire kernel to Just Another Application, no different than anything else. This is, in a technical sense, a beautiful, fascinating example of encapsulation--one that could never have come about without the openness that the GPL grants.

    I'd keep an eye on User Mode Linux if I were you. This is among the most interesting work being done with the OS, period.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  26. Similar to FreeBSD jail() by lomion · · Score: 2

    This sounds very similar to the FreeBSD jail() capability which is a very nice feature. Sounds good that linux may be getting a similar capability.

    --
    this space for rent