Loading
Running Network Services under User-Mode Linux, Part I
Leverage the Linux kernel's virtualization features to isolate network dæmons.
First, you need to make sure you've got the right kind of kernel on your host system. You very likely may need to compile a new kernel.
On the one hand, some Linux distributions already have User-Mode Linux compiled into their default kernels. On the other hand, your distribution of choice may or may not also have the skas (separate kernel address space) patch compiled in as well. It is, in fact, somewhat unlikely that your default kernel has skas support. Although the Linux kernel source code has included UML support since version 2.6.9, the skas patch is still maintained separately (and Linus has resisted its inclusion).
The skas patch is important. It greatly improves UML performance and security by running the guest system's kernel in separate address space from its other processes (just like the host's kernel does). The User-Mode Linux Web site's skas page on SourceForge provides a more detailed explanation of why you need skas (see the on-line Resources).
To obtain kernel source code, your best bet may be simply to install your Linux distribution's kernel-source package. Take care, however, that your distribution provides a kernel version of 2.6.9 or higher, because UML support is included from 2.6.9 onward, and prior UML patches had security vulnerabilities.
Because Debian 3.1 still uses kernel version 2.6.8, I decided not to use the official Debian kernel packages and instead downloaded the 2.6.17 kernel from kernel.org. I did, however, install the kernel-package package, which provides tools for generating Debian packages from official kernel source.
Besides kernel source code, you need the skas patch, the latest version of which is available on Blaisorblade's site (see Resources). Be sure to download the patch version that corresponds to the kernel source code you're about to patch.
On my Debian host, I unpacked my official source code to /usr/src/linux-2.6.17.3, renamed the source code directory to /usr/src/linux-2.6.17.3-host and copied the skas patch tarball (skas-2.6.17-rc5-v9-pre9.patch.bz2) to /usr/src. I then changed ownership of the directory /usr/src/linux-2.6.17.3-host to a nonroot account. (Adhering to the principle of never being root unless you really need to, we're going to do most of this kernel build as an unprivileged user.)
Here are the commands I executed as root:
host:/usr/src/# tar -xjvf ./linux-2.6.17.3.tar.bz host:/usr/src/# mv ./linux-2.6.17.3 ./linux-2.6.17.3-host host:/usr/src/# chown mick ./linux-2.6.17.3 host:/usr/src/# su - mick
To apply the skas patch, I then navigated, as my nonroot user, to /usr/src/linux-2.6.17.3-host and ran the following command:
host:/usr/src/linux-2.6.17.3-host$ bunzip2 -c ↪../skas-2.6.17-rc5-v9 -pre9.patch.bz2 | patch -p1
Next, from the same directory, I issued the command make menuconfig. When setting up the kernel configuration for User-Mode Linux, the defaults generally are fine, though you should ensure that the configuration matches your host's hardware. In addition, it's probably prudent to double-check the following settings:
Under Processor type and features, make sure /proc/mm is enabled.
Under Networking options, make sure IP: tunneling and 802.1d Ethernet Bridging are enabled. If you intend to restrict guest system behavior with iptables, you also may want to check the Network packet filtering section to ensure that Core Netfilter Configuration, IP: Netfilter Configuration and Bridged IP/ARP packets filtering are set up.
Under Network device support, enable Universal TUN/TAP device driver support.
And, by all means, make sure to hard-compile (into the kernel, not as a module) the filesystem in which your system's root partition is formatted (for example, ext3 or ReiserFS).
From this point on, the process is the same with any other kernel build: issue the commands make bzImage and make modules;. Then, become root and issue the commands make modules, make modules_install and make install. (Or in the case of Debian, use the make-kpkg command to achieve the same thing, and run dpkg to install the resulting kernel package.)
Once your new host kernel is installed, reboot your system. Your host system is now capable of running User-Mode Linux guest systems.
______________________
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- New Products
- RSS Feeds
- Readers' Choice Awards
- Epistle
3 min 22 sec ago - Automatically updating Guest Additions
1 hour 11 min ago - I like your topic on android
1 hour 58 min ago - Reply to comment | Linux Journal
2 hours 19 min ago - This is the easiest tutorial
8 hours 34 min ago - Ahh, the Koolaid.
14 hours 12 min ago - git-annex assistant
20 hours 12 min ago - direct cable connection
20 hours 34 min ago - Agreed on AirDroid. With my
20 hours 45 min ago - I just learned this
20 hours 49 min ago
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Comments
Thanks
Thanks for sharing.
Skas patch not needed
There's no need for a skas patch (skas3). The latest UML kernel sources, include a mode called skas0, which has the benefits of skas3 without having to patch to host kernel.
Cheers,
Ludovic.