From: Nix <nix@esperi.org.uk>
To: Blaisorblade <blaisorblade@yahoo.it>
Cc: user-mode-linux-devel@lists.sourceforge.net,
	Jeff Dike <jdike@addtoit.com>, Rob Landley <rob@landley.net>,
	Can Sar <csar@stanford.edu>
Subject: Re: [uml-devel] Making UML Single Threader
Date: Mon, 14 Nov 2005 20:00:39 +0000
Message-ID: <87veyvuhi0.fsf@amaterasu.srvr.nix>
In-Reply-To: <200511142037.56022.blaisorblade@yahoo.it> (blaisorblade@yahoo.it's message of "Mon, 14 Nov 2005 20:37:55 +0100")

On Mon, 14 Nov 2005, blaisorblade@yahoo.it moaned:
> On Monday 14 November 2005 14:59, Nix wrote:
>> I've long wanted to do the same sort of thing,
> 
> I guess you would like to run userspace processes or at least to call libUML 
> to configure something (but I don't think you can ask a kernel to do so much, 
> without allowing it to run userspace processes)...

Yeah: the idea is that you run all that's needed to configure things, but
then halt it and let routing et al continue. :)

>> to do with a UML the same 
>> sort of thing you can do with a real Linux box: that is, set up
>> networking and a bridging firewall, 
> 
>> then halt it: 
> 
> I.e. "shutdown now" without -h? Halt without poweroff?

i.e. `shutdown -h now' without poweroff-on-shutdown built into the
kernel. Shutdown and halt without poweroff (or tearing the network down,
obviously).

>> the kernel keeps 
>> processing network packets and firewalling and bridging them perfectly
>> well, but attackers now have *real* trouble changing the configuration.
> 
> _BLINK_ _BLINK_

That's what I thought when I first heard of it :)

> Is this a _documented_ feature 8-() ?

Not that I know of, but it's been true for a long, long time: before my
firewall ran UML it used to rely on it, and it's the only feature that
old firewall had that I'd still like to have back.

It's been true for longer than I've used Linux: Rogier Wolff describes
it in
<http://www.redhat.com/archives/linux-security/1997-April/msg00019.html>.
The top of that thread has someone calling it a problem, and Alan Cox
promptly follows up and calls it a feature. If Alan says that a feature
of networking of that vintage is intentional I guess it counts as sort
of documented. )

-- 
`Holy Google, pray for us sinners now and in the hour of our job interview.'


