Slashdot Mirror


User-Mode Linux Merged Into 2.5 Kernel

An anonymous reader writes "With little fanfare, User-Mode Linux (UML) has been merged into Linus' BitKeeper tree. The merge followed a patch by UML author Jeff Dike, resynching UML with the 2.5.34 development kernel. From the UML homepage, User-Mode Linux provides you with a virtual machine that offers 'a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup.'" There are more UML resources available at the community site.


  1. Good stuff. by Lukey+Boy · · Score: 5, Interesting
    I recently found a beautiful use for user mode linux - changing distributions with a minimum of downtime.

    I have a RedHat box that's colocated that I wanted to move over to Debian - so I installed UML and loaded Debian onto one partition, got everything set up correctly and told LILO to boot off the new slice. After a few minutes of praying Debian came up running all the correct services.

    Thanks to the UML team!

  2. not for the humor impaired by dboyles · · Score: 5, Funny

    User-Mode Linux provides you with a virtual machine that offers 'a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup.'

    Finally, something that will get Linux accepted as a viable desktop operating system for all levels of users!

    --
    -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
    1. Re:not for the humor impaired by TheGreek · · Score: 3, Informative
      AFAIK no other OS will offer this functionality.


      Sorry, no.
    2. Re:not for the humor impaired by jbolden · · Score: 4, Informative

      You forget MVS (even better than OS/400) which is based on running multiple virtual OSes of radically different types if needed all under extremely powerful management tools.

      Still I agree 100% with your main point that while this is a big step up for Linux it ain't playing in the same ballpark yet.

  3. Honeypot by GigsVT · · Score: 5, Insightful

    I imagine there are honeypot applications for something like this. You could make a cracker totally believe they had broken in when in reality they are just in a UML.

    For the ultra paranoid you could also make a backup copy of your whole UML partition and only run services in that, periodically restoring it from backup, and copying in the new data that is stored on the real OS. If you got broken into, it wouldn't really matter.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
    1. Re:Honeypot by VC · · Score: 4, Interesting

      I just did this like 2 days ago. I'm astounded that UML (bad name IMHO, been used already) is going into the main tree.
      UML is awesome, don't just set up 1 honeypot, set up 5, let the hacker think they've found a whole network..
      I've got my machine (no you can't have the IP ;-) so that ports 22 and 80 go to the *real* linux distro and all other exploitable ports go to my UML machine.
      Except that I've got TCP wrappers set up so that when you connect to my virtual machine, it NMAPs you and logs it all to a file.
      But probably the most fun thing you can do is test things like:

      # rm -rf / ;-)

    2. Re:Honeypot by bigjocker · · Score: 4, Funny

      # rm -rf / ;-)

      Why would you want to delete the winky tree??

      --
      Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    3. Re:Honeypot by puff-d-dwaggie · · Score: 3, Interesting

      I've done the Honeypot from home, but filled mine with killer bees instead. I used vmware to set up a honeypot machine running linux with a nice little samba server setup, and semilocked down. It was, however, filled with hundreds of programs and bullsnot documents all infected with one or more windows or dos viruses. I actually had someone email me and complain that my web server was virus infected and that it had caused major problems on their network when an employee of theirs had visited my website. They were threatening legal action and such. I replied to them that I didn't run a web server and that someone from their IP had hacked my machine. Several days later I got an apologetic email that also said the offending employee was no longer in their employ. I love my honeypot!

      "Get Moose and Squirrel!"

  4. What Are Some Other Uses? by MBCook · · Score: 3, Interesting

    Every time I've seen UML mentioned, it's in reference to kernel programming/X programming/programming in general/software testing/etc. I understand how it would be incredibly useful in these circumstances. But my question to you guys is this: how would it benefit Joe User to have this installed if he just surfs the web, does e-mail, plays games, GIMPs, etc? Other than just another layer of crash protection, what good is this to the masses?

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    1. Re:What Are Some Other Uses? by aardvarkjoe · · Score: 4, Insightful

      The "good for the masses" part is that more people will be able to work on / test / debug new linux kernels, so that Joe User will end up with a more stable system. As far as Joe User who doesn't know what a kernel is, I doubt that there's much of a reason for him to be using it.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
    2. Re:What Are Some Other Uses? by kgasso · · Score: 5, Informative

      In our office (Wholesale/Virtual ISP), we've been experimenting with UML for a while as a decent alternative to trying to virtualize every service and allowing some of our reselling ISPs to have their own username space - something I don't even want to attempt with Apache and most FTP servers.

      So far it's been fairly stable, after working out a few quirks. Definitely worth the trouble of getting everything set up. Makes backups on the UML servers stupidly-simple too.

      Congrats to the UML developers on clearing this hurdle, and here's to hoping it betters future development on the project!

  5. Limitations by deepchasm · · Score: 3, Interesting

    a safe, secure way of running Linux versions and Linux processes

    Well, yes it is, but if you want to take advantage of the security, and debug processes in depth, then you might have some problems.

    Many of you will probably remember the Reverse Challenge. One evening I downloaded the malicious binary, and decided that UML would be ideal to try running it in a tightly controlled environment - using fenris to trace its execution and learn more about it.

    Unfortunately, fenris doesn't work under UML (neither does strace if I remember correctly).

    Shame. It's a lot cheaper than VMWare!

    1. Re:Limitations by Tom · · Score: 3, Informative

      strace runs just fine.

      I wanted to attach a few lines as proof here, but /. "junk filter" doesn't let me, no matter how much I try. Sorry, you'll have to verify for yourself.

      --
      Assorted stuff I do sometimes: Lemuria.org
  6. Re:FreeBSD's Linux emulation by sfraggle · · Score: 3, Informative

    They are entirely different things. FreeBSD's emulation does translation of the system calls into the corresponding FreeBSD ones; UML is a full Linux kernel running in user space.

    --
    were you expecting to see a sig here? perhaps you'd rather see the inside of an ambulance!
  7. Is there a parallel to FBSD's jail? by pschmied · · Score: 3, Interesting

    I know that FreeBSD's jail allows for some level of virtualization. My question is, how technically does this differ from the jail mechanism or does it?

    As a side note this sounds like a really cool idea, especially if you could virtualize multiple instances.

    -Peter

    1. Re:Is there a parallel to FBSD's jail? by autocracy · · Score: 4, Informative
      Jail doesn't spawn an entire new virtual machine as a single process.

      And yes, you can run many instances of UML.

      --
      SIG: HUP
    2. Re:Is there a parallel to FBSD's jail? by jelle · · Score: 3


      UML is not the same as jail(), but the vservers/ctx kernel patch and programs is, and it's got more features too.

      Great for trying out other distributions, safe tryout of 'apt-get dist-upgrade', etc, etc.

      --
      --- Hindsight is 20/20, but walking backwards is not the answer.
  8. Re:all I have to say is.... by Soko · · Score: 3

    Right. The quote I'm thinking of goes something like this....

    "When you make something idiot-proof, the world just makes a better idiot".

    Newbies will _find_ a way to hose their machine, even with UML. You can bet on it. Me, I'm hoping I, er, they still can - there's no better way to learn how stuff _really_ works than by fixing it after you've "Blowed it up rreeaaaalll goooood!"

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  9. Imagine... by stor · · Score: 5, Funny

    A Beowu*smack* ow.

    Cheers
    Stor

    --
    "Yeah well there's a lot of stuff that should be, but isn't"
    1. Re:Imagine... by adamjaskie · · Score: 3, Interesting

      /me gets the idea to set up a beowulf cluster of UML "boxes" to learn how to set up a cluster...

      --
      /usr/games/fortune
  10. Re:FreeBSD's Linux "emulation" by Anonymous Coward · · Score: 5, Informative

    Comparing UML to FreeBSD's API redirector (usually misnamed "Linux emulation") is like comparing Windows running in VMware to WINE. VMWare runs the true full blown MS-Windows while WINE redirects the calls to appropriate native calls/code. Likewise, UML runs the true full blown Linux kernel while FreeBSD just redirects the calls to native calls/code.

    UML adds more layers before a system call makes it to the hardware than simple API redirection. For example, for a program running in UML to read from the CD-ROM, the real kernel only provides access to the block device and the UML kernel translates the block device/ISO9660 accordingly for the file access calls. In UML, reading of the structures as following ISO9660 is done in *user space*. FreeBSD's API redirector breaks the block device structures from ISO9660 to appropriate formats for file system calls all in the FreeBSD kernel. FreeBSD's Linux "emulator" does not achieve the same redefinition of what occurs in user space as opposed to kernel space at all. If FreeBSD can't run Linux binaries faster than UML then something is very wrong. However, it would be interesting to see if FreeBSD's API redirector could run UML and see if UML runs faster on top of FreeBSD or on top of Linux.

  11. UML = Unified Modeling Language by WindowsTroll · · Score: 5, Informative

    The use of TLA's (Three Letter Acronyms) has become so rampant that it is hard to find things which aren't referred to by their TLA. In many cases, the same TLA has more than one meaning, so the users of the acronym are able to keep the context straight. In this case, where the software sector has a standard definition of UML, reusing the acronym will only spread confusion.

    If I were to create a software application called Great New Utility and referred to it as GNU, people would rightly be upset at me for trying to usurp an already common use of an acronym. In this case, I would probably be violating a trademark. The acronym of UML is already trademarked by Object Management Group, and has a common and well known usage.

    --
    "Microsoft has made computing accessible to a population who would otherwise not be able to use computers" - B. Kernigha
    1. Re:UML = Unified Modeling Language by mshiltonj · · Score: 3, Interesting

      VLM - Virtual Linux Machine?
      UMK - User Mode Kernel?
      LUM - Linux User Mode?
      LVM - Linux Virtual Machine?
      PUL - Partitioned User Linux?
      LUK = Linux User Kernel? (pronounced Luck!)

      Whatever. I do think a new acronym should be found for this.

  12. I don't get it by schlach · · Score: 3, Insightful

    I imagine there are honeypot applications for something like this. You could make a cracker totally believe they had broken in when in reality they are just in a UML.

    Except for the 0.02% of people out there, and maybe 98% of businesses, that have anything on their computers that's more useful than the computer itself, I don't know why this would make a good honeypot. The cracker won't just think he's broken in... he will have really broken in.

    Not so much a honey-pot as a pot-o-honey...

    The UML website mentions applications as a sandbox, which makes sense, but if you're going to run vulnerable apps to lure hackers (I refuse to mistake hackers and crackers :) and give them unrestricted network access, you might be able to efficiently spy on what they're doing, maybe, but they've *still* taken over your network connection. They can now use it for a DDoS zombie, an IP bounce, or maybe just put some of their own filez on that wu-ftpd server you set up to get knocked over...

    My $0.02

    1. Re:I don't get it by pabs · · Score: 5, Informative
      iptables -t filter -N in-throttle
      iptables -t filter -A FORWARD -i tap0 -j in-throttle
      iptables -t filter -A in-throttle -m limit --limit 5000/sec -j RETURN
      iptables -t filter -A in-throttle -j DROP
      Thank you, drive through.
      --

      Odds of being killed by lightning and winning the lottery in the same day: 1 in 2^55

  13. Re:Redhat bloatware by zapfie · · Score: 3, Funny

    First off, you are comparing two things not of similar function. Second, a lot of Word's functionality is also included in shared DLLs- that same winword.exe file won't run if you shove it on a bare machine. Third, you can rebuild the kernel to be as large or as small as you want (functionality-wise, which also affects kernel size). Red Hat's kernel is not the 'official' kernel, so it is misleading to say that the Linux kernel is now larger than the Microsoft Word executable.

    --
    slashdot!=valid HTML
  14. Well documented. by tshak · · Score: 5, Funny

    One of the great things about UML - unlike a lot of other OSS projects - is that it's very well documented. Thanks to the UML diagrams on UML, there is no confusion as to what UML is or what it does.

    --

    There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
  15. Vservers/ctx patch can do this without overhead by jelle · · Score: 4, Interesting

    Somebody has to mention the Virtual Private Servers (vservers) and security contexts (ctx) patch, which takes chroot(), and adds the good stuff from jail() and more to make completely separated contexts for process groups, without the overhead of another kernel.

    I've been running Debian 2.2r7 and RedHat7.2 in parallel with Debian/Woody on the same box for months now with this patch.

    --
    --- Hindsight is 20/20, but walking backwards is not the answer.
  16. Combine with DebianEdu by Perdo · · Score: 3, Funny

    To keep those little brilliant (bastard) children from wrecking your shiny new Linux lab.

    --

    If voting were effective, it would be illegal by now.

  17. Another important use by fireboy1919 · · Score: 5, Interesting

    There are several products that require a custom kernel, and this could certainly benefit all of them.

    The one I'm thinking of right now is Win4lin, the cheapest, fastest Windows VM for Linux right now; it needs a kernel with its own patches, and they distribute patches for Debian, Slackware, Mandrake, and Vanilla kernels. My distro (Gentoo) makes a kernel which is known for its speed, but which I'm not using right now because of this (I can't even patch the Vanilla kernel to that level because the Win4lin patch conflicts with Gentoo's patches).

    --
    Mod me down and I will become more powerful than you can possibly imagine!
  18. Synopsis. by mindstrm · · Score: 3, Interesting

    The news here is that it is merged into 2.5

    UML is not new, though this will certainly make things better.

    Just think of the neat firewalling you can do.
    Run your DNS servers inside a UML session, with traffic to them filtered by firewalling on the host... even if someone breaches BIND, they are stuck in a machine, can't go anywhere, because all traffic to that machine is filtered.

    Virtual linux machines for each service that is not performance critical.
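
The host-side containment described in the comment above, together with the concern raised earlier in the thread that a compromised guest can still use the network connection, as an added example that is not part of any commenter's post: a shell function that prints iptables rules for one routed UML guest. The chain names `uml-in`/`uml-out`, the interface `tap0`, the address `192.168.0.2` and port 53 are assumed sample values.

```shell
#!/bin/sh
# Added example: print (not apply) host-side iptables rules that contain one
# UML guest. Interface, address and port below are constructed sample values.

# uml_guest_rules TAP GUEST_IP PORT...
# Emits rules on stdout; review them, then pipe to "sh" as root to apply.
uml_guest_rules() {
    tap=$1; guest=$2
    [ $# -ge 3 ] || { echo "usage: uml_guest_rules TAP GUEST_IP PORT..." >&2; return 2; }
    shift 2
    # Validate everything that ends up inside a generated command line.
    case $tap in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $tap" >&2; return 2;; esac
    # Shape check only; iptables itself rejects out-of-range octets.
    echo "$guest" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad IPv4 address: $guest" >&2; return 2; }
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 2; }
    done

    echo "iptables -N uml-in"
    echo "iptables -N uml-out"
    echo "iptables -A FORWARD -o $tap -d $guest -j uml-in"
    echo "iptables -A FORWARD -i $tap -j uml-out"

    # Toward the guest: only the published service ports (DNS uses UDP and TCP).
    for port in "$@"; do
        echo "iptables -A uml-in -p udp --dport $port -j ACCEPT"
        echo "iptables -A uml-in -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -A uml-in -j DROP"

    # From the guest: no spoofed sources, throttled replies only, and a
    # rate-limited log line before dropping whatever else the guest sends.
    echo "iptables -A uml-out ! -s $guest -j DROP"
    echo "iptables -A uml-out -m conntrack --ctstate ESTABLISHED,RELATED -m limit --limit 5000/sec -j ACCEPT"
    echo "iptables -A uml-out -m limit --limit 6/min -j LOG --log-prefix 'uml-egress-denied: '"
    echo "iptables -A uml-out -j DROP"

    # The guest must not open connections to services on the host itself.
    echo "iptables -A INPUT -i $tap -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $tap -j DROP"
}

uml_guest_rules tap0 192.168.0.2 53
```
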

  19. Well.. by mindstrm · · Score: 3

    Consider a firewall where the only IP layer things that are seen are actually coming from instances of UML.
    The host kernel is just running bridging (and filtering, of course), and doesn't even have an IP of its own.

    So your NAT device is actually a UML instance.
    So they manage to get root on it.. even so, the traffic to it is filtered at a layer they cannot even see. They just can't get there from, well, there.

  20. I don't get it. by LordNimon · · Score: 3, Interesting

    I've read the web site, but I still don't really understand what UML is. How is it different from something like VMWare?

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart