On Wednesday 02 March 2005 21:00, Maarten wrote:
> On Wednesday 02 March 2005 15:41, you wrote:
> > On Tuesday 01 March 2005 13:17, Maarten wrote:
> >
> > In fact I guess that the miss of modules was another, independent problem
> > (I boot most of my kernels after forgetting to install modules... I make
> > sure what I really need is compiled in).
>
> Yes, it was an unrelated problem.
>
> > > This is what I see on the host system:
> >
> > This is the usual symptom of a 2.6.9 / .10 host with a UML old enough to
> > not have the fixes. Vanilla 2.6.9 and 2.6.10 haven't them (some doubts
> > about 2.6.10).
>
> Thanks, I solved it yesterday.
> It was the missing SKAS patch.
> I got confused by the SKAS kernel help on
> the guest which states (in so many words) "it is safe to say yes here" but
> it really isn't, if the host kernel isn't patched for SKAS. Or so it
> seems...

No, I confirm that if the host misses the SKAS patch, and the guest is compiled with SKAS support, it will work. Your problem is different, it is that TT mode has a bug in that situation (btw the fault is not ours, because it works on a <=2.6.8.1 host, and I hope it will work again on a 2.6.11 host).

> Applying your patch did the trick, and it applied cleanly to a non-vanilla
> (Gentoo) kernel.
>
> The Gentoo UML howto mentions nothing about SKAS mode neither about host
> kernel patching (or little). When reading the UML docs themselves it
> finally dawned on me I needed that.
>
> Everything works just fine now.
>
> Out of curiosity, is a 'default' SKAS-enabled guest (and without the
> host-fs kernel option) safe enough as a sandbox to let untrusted users in,
> or are additional measures in order to really secure it (or more paranoia
> ;-) ? Ie. how difficult is it to gain access to the host OS from the UML
> guest?

root can modprobe hostfs and access the host filesystem, or insert an even better module he wrote. Chrooting UML is important (remember to "touch /jail/proc/mm && mount --bind /proc/mm /jail/proc/mm" to make /proc/mm exist inside the chroot).

--
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729
http://www.user-mode-linux.org/~blaisorblade

_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user