--- Jeff Dike <[EMAIL PROTECTED]> wrote: > On Tue, Oct 24, 2006 at 08:07:20AM -0800, John P. Mitchell wrote: > > Found another one: > > > > http://user-mode-linux.sourceforge.net/help-kernel-v1.html > > The bullet point is "protect kernel memory from userspace" > > Oops, very obsolete. > > That's not an issue any more. >
Jeff: Would running a UML instance from a user account with no priviledges on the host be sufficient to prevent a root process controlled by a malicious user running within the UML from taking any possible advantage of the host? I realize that it is probably advisable (due to bugs not currently known) to run the UML instance from within a chroot containing only the UML kernel and its filesystem image and a few device nodes like /dev/net/tun needed to bring up networking, but as far as you know, is it *necessary* to do so? Chris Marshall If I ran a UML instance on a host and wanted To the best of your knowledge, then, the only known requirement for isolating UML instances from each other and from the host is that the user accounts under which the instances ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ User-mode-linux-user mailing list User-mode-linux-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
