http://www.osnews.com/story/16926/How_to_Run_Linux_Inside_Linux_with_User_Mode_Linux Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Tue, 24 Nov 2009 14:49:17 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread?200931 http://osnews.com/thread?200931 UML, KVM, XEN, QEMU, Parallels, Virtual PC, Bochs. I'm so confused... Fri, 12 Jan 2007 00:57:00 GMT donotreply@osnews.com (setuid_w00t) Comments http://osnews.com/thread?200944 http://osnews.com/thread?200944 You forgot VMWare... :-) Fri, 12 Jan 2007 01:20:00 GMT donotreply@osnews.com (archiesteel) Comments http://osnews.com/thread?200954 http://osnews.com/thread?200954 Makes me think of those nesting souvenir Russian dolls. Fri, 12 Jan 2007 02:03:00 GMT donotreply@osnews.com (Sphinx) Comments http://osnews.com/thread?200992 http://osnews.com/thread?200992 Unlike most others (Virtual PC/Bochs/VMWare kind), it integrates much better with the host OS (similar to what coLinux has done for running linux inside windows). Fri, 12 Jan 2007 03:49:00 GMT donotreply@osnews.com (journey) Comments http://osnews.com/thread?201011 http://osnews.com/thread?201011 i dont really understand what there is to be confused about. its really quite simple, and what each of these things does can be very easily found out, by reading for a few minutes on their websites. Fri, 12 Jan 2007 06:01:00 GMT donotreply@osnews.com (Redeeman) Comments http://osnews.com/thread?201034 http://osnews.com/thread?201034 You mean Matryoshka?
http://en.wikipedia.org/wiki/Matryoshka_doll :] Fri, 12 Jan 2007 09:50:00 GMT donotreply@osnews.com (IceCubed) Comments http://osnews.com/thread?201112 http://osnews.com/thread?201112 I am no expert in virtualization and emulation, so I'd like to ask something:

Can this be used to insulate a potentially dangerous application like a web browser or any other network based application in a diferent virtual machine, and then run them side by side, the host holding the local documents and projects and most work the user has, with the emulated virtual system executing everything web-related (browsers, im and all that stuff) ?

I don't know if it would be feasible, since it would probably waste a lot of disk space and memory running things like this but... is it possible ? Fri, 12 Jan 2007 16:49:00 GMT donotreply@osnews.com (AlexandreAM) Comments http://osnews.com/thread?201139 http://osnews.com/thread?201139 I had the same idea. Step one is to build a minimal rootfs/chroot environment. A lot of that is done with symlinks into the outside filesystem, for example /usr/bin, so it will not "waste a lot of disk space". Also, you don't need as many libraries, applications, etc. to run selected applications like Firefox.
One also has to symlink some X11 Unix domain sockets (located in /tmp) into your chroot environment so that X applications can be launched. One may have to allow connections to the X server from the chroot environment, which may seem to be a "external machine" (xhost +127.0.0.1).

What UML adds over and above the chroot protection is the ability to capture an attempt to remount, for example, /dev/hda1 in order to break out of the chroot jail. So, the chroot environment built in step 1 is the input to step 2 where you run the same rootfs in UML. I ran Firefox, Opera, etc. in a chroot so I feel like with this could be done with a few hours of learning UML configuration.

You are correct that the security of $HOME is a neglected topic; sometimes attacks are launched to get the information in $HOME and not to try to "own" the box. This does go against the dogma that no one cares what happens to a users directory/information on a *NIX box. Fri, 12 Jan 2007 18:44:00 GMT donotreply@osnews.com (cushioncritter) Comments http://osnews.com/thread?201144 http://osnews.com/thread?201144 "You are correct that the security of $HOME is a neglected topic; sometimes attacks are launched to get the information in $HOME and not to try to "own" the box. This does go against the dogma that no one cares what happens to a users directory/information on a *NIX box."

Well said. The users directory is the most important part of the box, since that is where the data is. Unfortunately very few people seem to understand that. Owning the box is bad, but the loss of data is much worse. On the other hand, if someone owns the box they can compromise ALL of the home directories, instead of possibly just that of the 1 user that does something stupid. Fri, 12 Jan 2007 18:56:00 GMT donotreply@osnews.com (DrillSgt) Comments http://osnews.com/thread?201198 http://osnews.com/thread?201198 >>Can this be used to insulate a potentially dangerous application like a web browser or any other network based application in a diferent virtual machine, and then run them side by side, the host holding the local documents and projects and most work the user has, with the emulated virtual system executing everything web-related (browsers, im and all that stuff) ?I don't know if it would be feasible, since it would probably waste a lot of disk space and memory running things like this but... is it possible ? Fri, 12 Jan 2007 21:02:00 GMT donotreply@osnews.com (Rev.Tig) Comments http://osnews.com/thread?201278 http://osnews.com/thread?201278 Well said. The users directory is the most important part of the box, since that is where the data is.

If the box is serving webpages or SQL or something there need be no user directory to speak of. For a desktop box, the user directory is important, but let's be honest: the desktop is just not linux's strong point right now. (I use it on my desktop exclusively, but that just means I know exactly how few people are ready to). Sat, 13 Jan 2007 02:19:00 GMT donotreply@osnews.com (MamiyaOtaru) Comments http://osnews.com/thread?201290 http://osnews.com/thread?201290 "If the box is serving webpages or SQL or something there need be no user directory to speak of. For a desktop box, the user directory is important, but let's be honest: the desktop is just not linux's strong point right now. (I use it on my desktop exclusively, but that just means I know exactly how few people are ready to)."

True enough, but is all how the box is set up. Some of mine server web pages, and they do so from a user directory so I leave the system partitions intact. For an ISP, most of the web pages are served from user directories. Want a customer ticked off? Tell them that their home directory was lost. Sat, 13 Jan 2007 04:17:00 GMT donotreply@osnews.com (DrillSgt) Comments