Slashdot Mirror

← Back to Stories (view on slashdot.org)

Introduction to User-Mode Linux

Posted by timothy on from the users-are-not-necessarily-losers dept.

developerWorks writes "Ever wish you had a place to let your Linux applications play -- where they wouldn't hurt anything else? Do your killer apps spend too much time killing each other? Originally conceived as a kernel developer's tool, UML lets you set up multiple virtual machines that are isolated from each other and from the hardware. Now, you can test applications all the way to failure without breaking the host system -- or even requiring a reboot. Veteran administrator Carla Schroder shows you how in this tutorial."

32 comments

  1. Register? by *xpenguin* · · Score: 2, Insightful

    How can a tutorial that requires registration get accepted?

    1. Re:Register? by josephgrossberg · · Score: 4, Interesting

      Even worse, the story was submitted by the people who want you to register -- developerWorks.

      Hey timothy ... if you guys were mixing in advertising with real stories ... like portals do with "search results" ... you'd let us know, right? Right?

      --

      Joe
      http://www.joegrossberg.com
    2. Re:Register? by MBCook · · Score: 4, Informative
      This isn't an article, it's a free online educational course. That's why they want you to register. It's still free. Why don't you try LOOKING at things before you start to complain?

      Bye bye karma :(...

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    3. Re:Register? by jsse · · Score: 4, Informative

      Well said! In fact, IBM DeveloperWorks has a lot of free tutorials like you can find this one in Linux tutorial.

      It's one of the site worth giving your email address to. The biggest spam you'd get from them is just a (bi?)weekly IBM DeveloperWorks newsletter which you can easily unsubscribe.

      I'm by no mean associate with IBM, in case you wonder. :)

    4. Re:Register? by jsse · · Score: 1, Troll

      Would you feel better if it's submitted by 'CoolSiteCheckThisOut'? :)

      I'm not defending for /., but I do appreciate timothy honestly tell us who originated the submission.

      I see your point, if a site(*cough* C/ZNet) do it too far it'd be very annoying. :)

    5. Re:Register? by Anonymous Coward · · Score: 0

      Yeah, like I'm going to give a permanently working email address out for a website registration ever again. There's a reason why they make you register. What could that be? It's free, so apparently they don't want your money. Then what is it? If they were just trying to build a reputation for being a great source of information, they could do better without the registration. I find these registrations extremely annoying: Whenever I need a password for something on a site like that, I reregister with a fresh one-time email address. Cookies are useless in a frequently changing browsing environment and reregistering is still easier than keeping track of a myriad of passwords.

    6. Re:Register? by jsse · · Score: 0, Troll

      Right you are but this account is to be used not only in alphaworks, but all other areas that allows free reg access. Apparently they've unified the registration database. Yeah, it's annoying. :)

    7. Re:Register? by karlm · · Score: 1
      IBM used to be the big evil giant, but I have to say I'm really starting to love IBM. I prefer thier JVMs to the official Sun versions. I really hope Apple ships something based on a POWER4 chip soon. IBM does some REALLY cool research and puts lots of money into Linux development.

      BTW, while you're at regitering at IBM, pick up Jikes, the 1.4 JVM, and robot wars. All good stuff. They've got some good Linux white papers too.

      (Now to get them to use 100% ASCII in thier HTML instead of those stupid MS "smart quotes".)

      --
      Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
  2. More on UML by jsse · · Score: 5, Informative

    The link requires (free)registration. It has a guide for Debian installation too. For Gentoo users, you may also look at gentoo's guide on User-Mode Linux.

  3. Also VMWare by Permission+Denied · · Score: 4, Interesting
    VMWare is also useful for stuff like this. Set up a few VMWare virtual machines and you're good to go.

    A couple of years ago, I went on vacation with no net access and only my laptop. I wanted to do network programming during my vacation. I set up four VMWare virtual machines running FreeBSD and did my little program (user-mode NFS server). Got a lot done in a short time (probably due to the lack of net access - had all the necessary docs saved ahead of time). I chose FreeBSD because it was much easier to cut down to a tiny image than any Linux distro (even Slackware, my favorite).

    VMWare is also useful if you want to do OS-level programming (eg, write a kernel). This is one of my spare time projects (haven't touched it in years, though). I'd imagine user-mode Linux can't let you mess with the low-level stuff, but it could be useful for high-level stuff like scheduling algorithms and so forth (useful because it's a real PITA to boot up a machine whenever you change a line of code and user-mode Linux might give you some better debugging options than a serial cable).

    You might be able to do this with Bochs nowadays, but Bochs was nowhere near useful back then. Seems to have come a long way in a short time.

    Not sure what advantages user-mode Linux would have over VMWare or Bochs. Perhaps some karma whore would like to register and post the contents of the article :)?

    1. Re:Also VMWare by LarryRiedel · · Score: 4, Informative

      Not sure what advantages user-mode Linux would have over VMWare or Bochs.

      It lets the kernel run as a regular user process, and has been developed to interact with the host in that context.

      http://user-mode-linux.sourceforge.net/uses.html

      Larry

  4. Better by mnmn · · Score: 1, Redundant


    What would really be interesting is if non intel hardware could also be emulated. I sure wouldnt mind an Ultra5, RS/6000 and hammer systems networked together with ipv6 on token ring.. all on my BeOS desktop. BeOS is supported isnt it?

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
    1. Re:Better by CableModemSniper · · Score: 3, Informative

      Um, UML is User-Mode Linux not User-Mode BeOS. And it doesn't emulate the processor. It provides virtualized instances of the OS, not an entire emulated virtual machine. You want UML Ultra5, you have to be on an Ultra5 machine in the first place. Ditto for RS/6000 or any other architecture.

      --
      Why not fork?
  5. More Dual Mode Acronyms for us techies: by xagon7 · · Score: 3, Funny

    UML.. User Mode Linux or Unified Modeling Language?

    BSD.. Berkley Source Distrobution or Blue Screen of Death

    sheesh

    all we need now is Xylophone Medical Laproscopy, Super Qualatative Logon, and our hype acronym heaven will be complete! "MWAHAHAHAHAHAHA"

    1. Re:More Dual Mode Acronyms for us techies: by karearea · · Score: 1

      BSD != Blue Screen of Death

      BSOD = Blue Screen Of Death

      I'm sure you'll now have many BSDers agressively distancing themselves to the BSODers

  6. It's FACT, or is it? by arcadum · · Score: 1

    I cant substantiate, I've tried searching, but I remeber reading (back when /. annonced it was going to a subscription model) that once per day they would post a advertisement/story. I think it was Rob who posted it. None-the-less, That was the deal that kept the bits flowing.

    1. Re:It's FACT, or is it? by onomatomania · · Score: 1

      You should have looked at the date on that article, it was April first. Seriously.

  7. could this be... by zogger · · Score: 5, Interesting

    ...could this be a possible way to have "more" security while running and hooked to the net? Is there any angle here to make the virtual OS that's connected be totally locked away from the actual OS that runs everything, so that in the event of a major "owning" you could delete that virtual system, then reproduce it easily from a "spare" OS with it's set of apps that's already installed and clean? Sort of like the knoppix idea?

    1. Re:could this be... by AlXtreme · · Score: 3, Interesting
      Hmm, nice point, working in that direction on Morphix. The whole point is that it consists of different compressed filesystems, each one with a single purpose, in order to increase reusablility and lessen effects of attacks.

      I was playing around with the idea of making chroot-ed jails for a server-based module, but using UML might be the way to go. I'm still working out the installing-procedure, trying to make up my mind if i want a regular debian-distro after an install or a setup like what you are describing.

      And yes, it is based on KNOPPIX. well, the 33MB base module is :o)

      --
      This sig is intentionally left blank
    2. Re:could this be... by Ramses0 · · Score: 4, Interesting

      In a similar vein, could somebody tell me why we don't have a concept of ExecAs( "$username-nobody" ) yet? It would just seem to make sense that you would want to give regular users the ability to Exec a program (sudo) as their very own non-entity (for me, that'd be "rames-nobody"). It would certainly make interacting with the internet / outlook / evolution style apps a lot more safe.

      With linux, and using Debian, I'm at the point where I can say "Screw everything except what's in /etc and /home". But my /home directory is vitally important, and the *last* thing I would want a worm / virus to take out. The first time a buffer overflow in the Macromedia flash plugin takes out 50% of linux user's home directories is the only time people will pay attention to this problem (unfortunately)!

      --Robert

    3. Re:could this be... by zogger · · Score: 2, Insightful

      --I bookmarked the page and will check it out later. Right now it won't display properly for me, but I'll try it again.

      Yes, what you said, something like that. There's no real reason that the "core" install needs to have access to the net, when a virtual system can take the chances, and still "do the work". It makes by far the best sense to me yet of all the various security schema. It would also make upgrading better as you wouldn't be afraid of hosing your mission critical stuff while it's running.

    4. Re:could this be... by Anonymous Coward · · Score: 1, Informative
      Yes, this type of thing is used occasionally. I've seen people use VMWare for honey pots. It's also quite common to run various things in a chrooted environment, and FreeBSD provides an enhanced chrooted environment which allows you to pass specific IP traffic to a chrooted environment. Beware, though, that setting up a chrooted environment is a real PITA, especially if you don't have source to the intended program. Cute trick: you can give a chrooted environment controlled access to the real environment using hard links. See also this paper, which is probably one of the first honey pots. I would not recommend running a honey pot until you've written kernel modules and maintained production firewalls (requires programming, networking and sysadminy knowledge - honeypot by newbie = DDoS zombie/warez server/attack proxy).

      As for your idea about deleting a virtual system and reproducing it - that's generally the way corporate desktop machines are managed. Either with some software tool like Norton Ghost, or with a dedicated hardware IDE drive duplicator (which is really nice since you can do a bunch of drives at once). You can also use "tar" or similar tools to make an image of a unix machine (I believe this is called a "backup" :). VMWare has a nice little feature in that its virtual disks are just files, so you can copy those around as you see fit, and it has a feature where changes to virtual disks do not persist across reboots, which is quite useful in Windows environments where you cannot easily monitor how some installation or patch modifies a production system.

      Note though, that if your system is 0wned, you can't just restore a backup or re-image the drive. The hole which allowed it to be comprimised is still there, so you have to do a post-mortem to figure out how it was broken and patch it up. So this stuff doesn't make managing security a whole lot easier. It does make a lot of other management stuff easier (recovering from your own mistakes or from broken software).

      It does give you certain benefits as it can separate access to data, but I don't know if this is such a big benefit anyways: if you actually have critical data that must remain confidential, it's easier to set up a chain of machines that have various access to the data (running different software and OSes each suited to the particular task) and set up strict firewalls between all of them (or, depending on time and needs, any level of access control between: process based (non-privileged daemons), filesystem based (chroot, virtual machines) or machine/network based (multiple machines, perhaps with custom network software that only exposes the minimum required access to the data as opposed to some general-purpose database interface)). Three reasons to spend time on security: protecting access to confidential data, ensuring integrity of critical data and keeping uptime for important services. Can get involved if you actually have to protect data instead of just keeping uptime: most people don't care and don't bother.

    5. Re:could this be... by Anonymous Coward · · Score: 2, Informative
      In a similar vein, could somebody tell me why we don't have a concept of ExecAs( "$username-nobody" ) yet?

      DIY (or, already been done, depending on how you look at it). What you want is accomplished in unix using setuid bits (usually only for escalating privileges) or setuid(2) (always for reducing privileges). This is how su and sudo work - look at their perms, and you'll see that su and sudo are setuid root. Root processes can also call setuid directly, so sudo goes becomes root on exec and can go to any user from there.

      1. Set your umask to 022 or 027.
      2. Create a new user (ramses-nobody)
      3. Put user in your default group
      4. Run command as new user. Processes run as new user will have read-only access to your files.

        A number of ways to do this:

        1. sudo -u ramses-nobody evil-command
        2. If your system doesn't have sudo (a problem which you should correct), su to root and then su ramses-nobody evil-command
        3. If you can't be bothered to type a password whenever you do this and this a single-user system, write a small C program which execs evil-command and then set it setuid ramses-nobody (setuid bit on scripts is ignored in modern systems, so it needs to be a C program). Entirety of program: #include <unistd.h>

          int main(int argc, char **argv)
          {
          argv[0] = "/path/to/evil-command";
          execv(argv[0], argv);
          return 1;
          }           Compile, set permissions appropriately. Or, if evil-command is a binary and not a script, just change ownership of evil-command to ramses-nobody and slap on setuid bit.

      If this is a multi-user system, the only practical method is (1): you can set up sudo so that regular user ramses can run anything as restricted user ramses-nobody. You can even tell it to not prompt for a password when going from ramses to ramses-nobody. If it's a big system, you set up scripts so it becomes part of the account creation process. OTOH, if it's an big multiuser system, you don't worry about any of this since you keep daily backups :)

    6. Re:could this be... by zogger · · Score: 1

      --thanks for your extensive and informative reply to this noob. It helped me visualize some things better in setting up systems and how a professional effort is addressed. I also am surprised my idea was already being done in some manner, well, that means I'm surprised it had any merit at all!

      The tar utility, guess I only thought about it for individual packages, didn't realise you could do the entire drive with it. Have to give it a whack on the funsie machine here, I trash it regularly enough......

      As to the audit after getting owned, yes, that's why I mentioned it, seemed logical before allowing the compromised machine back online with the older but secure image. Just with the virtual system it might be faster to recover, as perhaps an identical one could be running simultaneously parallel to the "active" one.

      I was just looking at knoppix updates, seems like a system like that might be nice for a semi- no brainer small scale server that is fairly secure(no write access by default install), especially if you took the concept and made it bigger, added your server and custom database apps, etc, and ran it-started it- from a custom burned dvd to a large enough ram bank. Maybe anyway.....I know that would be quite expensive....

      Too bad about the "uptime" being more important in most places, you'd think data integrity would be paramount.

      Yet again another car analogy, maybe for the bean counters benefit. It's faster and you have more driving "uptime" by just occassionaly topping off the crankcase oil as needed, but the engine's integrity is a lot better and the TCO is better with periodic "down times" and really changing the oil.

    7. Re:could this be... by sjames · · Score: 1

      It's just too easy to implement in userspace. Just create a simple (and carefully debugged) suid program that does setuid to $username-nobody, and then execs the program.

      Although interesting in the kernel, It would require the kernel to implement system policy (rather than just supporting it). For example, you are user 512, how does the kernel know you're allowed to exec as user 32012?

  8. Other fun UML features by eMilkshake · · Score: 1
    I looked at UML a while back as a way to provide students with their own "linux experience," but we decided it was cheaper to set up 8 old computers than one system that could support 8 interactive sessions.

    Still, there were features that would make it ideal for such a situation. When the console boots, you can redirect the console output to a serial line or to a TCP port, so the system starts, then halts until you connect to the TCP port to monitor the progress, then it continues and you see the console output in a terminal window as if you were sitting at the console.

  9. UML by zelphi · · Score: 2, Insightful

    Before someone starts modeling OOP with this tool, they should get a new acronym. Why is it so hard to think of something original?

  10. what am i missing here? by mary_will_grow · · Score: 1

    Now, you can test applications all the way to failure without breaking the host system

    isnt that the point of a protected mode operating system?

    --
    Why stick up for big business?
    1. Re:what am i missing here? by aridhol · · Score: 2, Informative

      Theoretically, yes. However, there's always the chance that something will break. You may trigger a bug in the kernel that allows breakage. Or you may be developing the kernel itself. You run it in user space, and you have to trigger multiple bugs to break the host - a bug in the UML system and a (hopefully) different bug in the host system.

      --
      I can't say that I don't give a fuck. I've just run out of fuck to give.
  11. poor man's solution by zogger · · Score: 3, Insightful

    --the only thing I've done along these lines is to have a "spare" old hard drive with a basic system installed, that isn't plugged in to anything, but it's mounted in the drive bay. If I get a bad fubar, I'll more or less know what the last thing that happened was, so with the spare drive installed I can avoid that problem whatever it was before going online. But ya, it would sucketh to lose all the data and updates. I don't trust my level of expertise to make a backup dump or raid system all that valuable, as more or less I am as likely to just "backup" the virus or trojan should it become installed. I'm just a casual home user, not having to defend expensive server farms, etc, so the requirements aren't as great, but it still would be nice to have an easier to use method that what's available now, which is to become a security guru in your spare time. A virtual system that ran completely in a jail would be a good idea. I tried knoppix but it has some features I don't like (primarily I'm a gnome not a kde guy) and I couldn't make it dial out), but still, it's a step in the right direction and it ran surprisingly fast, much faster than I thought it would.

    To get back to the subject, YES, an additional layer of "permissions" to access the system. Two stage isn't enough, you should be able to do an instant "create on demand" full system, use it for a session then trash it, thereby eliminating anything nasty that might have occurred to you, and that temporary system could be an additional step-->out away from the actual root or user level. There should be a "this is vulnerable being online so it can't do much and nothing permanent without jumping through hoops" temp-user level. A temporary trip wire action would help, and then the system would force you to go offline and compare audits before anything was 'saved' to the disk in either a users directory or at root level. It would be saved in the virtual OSs ram cache or on swap (a "virtual swap" inside the real swap as well?), examined, if it passes, THEN it can slide downhill into normal user-space. And the box needs it's own built in battery to keep ram cache intact in case of catstrophic outside failure, so that very important but still unexamined data is not lost. I've had UPSs fail, but when a laptop was plugged in, it didn't matter, I didn't lose anything or suffer file system damage, the built in battery concept is ideal for this, and I have no idea why it isn't just common on desktops as well. They are already big and heavy, a small battery is not that much more weight or space.