[prev in list] [next in list] [prev in thread] [next in thread] 

List:       user-mode-linux-user
Subject:    Re: [uml-user] (no subject)
From:       BlaisorBlade <blaisorblade_spam () yahoo ! it>
Date:       2004-10-26 11:54:57
Message-ID: 200410261354.57972.blaisorblade_spam () yahoo ! it
[Download RAW message or body]

First - don't take discussion on private mail. I want the freedom to leave 
questions unanswered (and I do that). And to do that, keep CC'ing the list, 
so that other people can answer, too.

On Tuesday 26 October 2004 13:35, Roger.Sala@gd-ais.com wrote:
> Yeah, changing the permissions on the root file system did the trick.  That
> should have been obvious to me.

> If you check out the script below you will see that I am running my guest
> files system and swap on their own partitions.  Is there still an advantage
> to creating a chroot?

Security - a root user inside the UML could happily read everything that the 
user running it can read: an hacker can insmod something (even 
through /dev/kmem) and, if you're running UML as root, be the absolute master 
of your host.

Also, there could be some ways to go on the host even if you are only a normal 
user on the UML. Some ones are currently being fixed.

> If so, can you point me to a good how-to? 

No idea for that - search the archives or ask "how to chroot UML" with a 
meaningful subject (that is not an option if you want to be answered, often).

> I want each guest kernel to carve out its own swap and ram to avoid
> commingling of data between kernels.

> I am prototyping Multiple Independent Levels of Security (MILS)
> configurations with uml.  Any other tips like above would be appreciated.

> Thanks!

> btw, How are you liking Gentoo?

I love it, but KDE does not work yet for me. It only works as root, not as 
user. I got some yet untested clues for that (an uncorrect PATH setting 
in .bashrc), but for now I've not yet finished switching to Gentoo.

Apart of that, I'm loving it!
-- 
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
[prev in list] [next in list] [prev in thread] [next in thread]