Linked by Thom Holwerda on Fri 12th Jan 2007 00:36 UTC
Linux "User Mode Linux allows you to run Linux kernels as user mode processes under a host Linux kernel, giving you a simple way to run several independent virtual machines on a single piece of physical hardware. Let's take a look at UML and how it can give you more bang for the hardware buck, or make it easier to debug the kernel."
Thread beginning with comment 201139
RE: Security possibility.
by cushioncritter on Fri 12th Jan 2007 18:44 UTC in reply to "Security possibility."
cushioncritter Member since:
2007-01-12

I had the same idea. Step one is to build a minimal rootfs/chroot environment. A lot of that is done with symlinks into the outside filesystem, for example /usr/bin, so it will not "waste a lot of disk space". Also, you don't need as many libraries, applications, etc. to run selected applications like Firefox.
One also has to symlink some X11 Unix domain sockets (located in /tmp) into your chroot environment so that X applications can be launched. One may have to allow connections to the X server from the chroot environment, which may seem to be an "external machine" (xhost +127.0.0.1).

What UML adds over and above the chroot protection is the ability to capture an attempt to remount, for example, /dev/hda1 in order to break out of the chroot jail. So, the chroot environment built in step 1 is the input to step 2, where you run the same rootfs in UML. I ran Firefox, Opera, etc. in a chroot, so I feel like this could be done with a few hours of learning UML configuration.

You are correct that the security of $HOME is a neglected topic; sometimes attacks are launched to get the information in $HOME and not to try to "own" the box. This does go against the dogma that no one cares what happens to a user's directory/information on a *NIX box.

Score: 1
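
As an added example (not part of the comment above, and not UML's own tooling): a shell check for a symlink-heavy minimal rootfs like the one described in step one, run before the tree is used as a chroot or guest root. Once the tree becomes "/", an absolute symlink target is looked up inside the tree rather than on the host, so the script lists links that would not resolve there. The function names and the `UNRESOLVED` output format are assumptions of this example, and it relies on GNU `realpath`.

```shell
#!/bin/sh
# Added example: audit a candidate chroot/UML root tree for symlinks that
# will not resolve once the tree itself is "/".
# Limitation: only the final path component is chased link by link;
# intermediate directories are resolved by the host kernel as usual.

# resolve_in_root ROOT PATH
# Follow PATH (absolute, as seen from inside the jail) the way the jail
# would: absolute link targets are re-rooted under ROOT. Returns 0 if the
# chain ends at something that exists, 1 if it dangles or loops.
resolve_in_root() {
    p=$2
    hops=0
    while [ -L "$1$p" ]; do
        hops=$((hops + 1))
        if [ "$hops" -gt 16 ]; then
            return 1                      # symlink loop inside the jail
        fi
        t=$(readlink "$1$p")
        case $t in
            /*) p=$t ;;                   # absolute: relative to jail root
            *)  p=$(dirname "$p")/$t ;;   # relative: relative to link's dir
        esac
        # Collapse "." and ".." textually; ".." at "/" stays at "/",
        # which is also what happens at the root of a chroot.
        p=$(realpath -m -s -- "$p")
    done
    [ -e "$1$p" ]
}

# audit_rootfs ROOT
# Print "UNRESOLVED <link> -> <target>" for every symlink under ROOT that
# would be broken inside the jail, even if it works on the host today.
audit_rootfs() {
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -xdev -type l | LC_ALL=C sort | while IFS= read -r link; do
        in_jail=${link#"$root"}
        if ! resolve_in_root "$root" "$in_jail"; then
            echo "UNRESOLVED $in_jail -> $(readlink "$link")"
        fi
    done
}
```

Call it as `audit_rootfs /path/to/rootfs`; an empty result means every symlink in the tree resolves without leaving it.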

RE[2]: Security possibility.
by DrillSgt on Fri 12th Jan 2007 18:56 in reply to "RE: Security possibility."
DrillSgt Member since:
2005-12-02

"You are correct that the security of $HOME is a neglected topic; sometimes attacks are launched to get the information in $HOME and not to try to "own" the box. This does go against the dogma that no one cares what happens to a user's directory/information on a *NIX box."

Well said. The user's directory is the most important part of the box, since that is where the data is. Unfortunately, very few people seem to understand that. Owning the box is bad, but the loss of data is much worse. On the other hand, if someone owns the box they can compromise ALL of the home directories, instead of possibly just that of the 1 user that does something stupid.

Score: 2

RE[3]: Security possibility.
by MamiyaOtaru on Sat 13th Jan 2007 02:19 in reply to "RE[2]: Security possibility."
MamiyaOtaru Member since:
2005-11-11

"Well said. The user's directory is the most important part of the box, since that is where the data is."

If the box is serving webpages or SQL or something, there need be no user directory to speak of. For a desktop box, the user directory is important, but let's be honest: the desktop is just not Linux's strong point right now. (I use it on my desktop exclusively, but that just means I know exactly how few people are ready to).

Score: 2