On Tue, 8 Nov 2005, Jeff Dike prattled cheerily:

> On Tue, Nov 08, 2005 at 01:09:06AM -0600, Rob Landley wrote:
>> > So I don't care about system call interception or anything like that,
>>
>> *blink* *blink*
>>
>> Ok, you want user mode linux, but you don't want it to actually run user
>> processes, nor do you want it to be able to intercept system calls.
>>
>> Um... What's left?
>
> Only all of Linux. It so happens that I want exactly the same thing for
> libUML, except I haven't had time to do anything about it.
I've long wanted to do the same sort of thing, to do with a UML the same sort of thing you can do with a real Linux box: that is, set up networking and a bridging firewall, then halt it: the kernel keeps processing network packets and firewalling and bridging them perfectly well, but attackers now have *real* trouble changing the configuration. You stop it with kill() on the host, or mconsole; as it's halted and all fsen are unmounted and so on, you're safe from filesystem corruption. When combined with CONFIG_NETCONSOLE, you can even keep an eye on it. :)

The necessary hack looks quite simple: I just haven't got around to it.

-- 
`Holy Google, pray for us sinners now and in the hour of our job interview.'
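As an added illustration of the setup the post describes (not code from the post or from the UML project), the script below builds the transparent bridging firewall a Linux guest would be running at the moment it is halted: two NICs enslaved to an address-less bridge, bridged frames pushed through iptables, and a default-deny FORWARD chain. Interface names, the bridge name and the exposed ports are assumptions. The halt-while-still-forwarding step itself is the hack the post says is still unwritten, so the script stops at the configuration stage; with DRY_RUN=1 it prints the commands instead of executing them, so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the mailing-list post or the UML project.
# Builds a layer-2 bridging firewall inside a Linux guest (e.g. UML).
# BRIDGE, OUTSIDE, INSIDE and the allowed ports are assumptions.
# DRY_RUN=1 prints each command instead of running it.

BRIDGE="${BRIDGE:-br0}"
OUTSIDE="${OUTSIDE:-eth0}"   # assumed: interface facing the untrusted side
INSIDE="${INSIDE:-eth1}"     # assumed: interface facing the protected hosts

# Execute a command, or print it when DRY_RUN=1 (for review and testing).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Enslave both NICs to a bridge that carries no IP address of its own:
# the guest forwards frames transparently, so there is no address on the
# firewall itself for traffic from either side to target.
setup_bridge() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set "$OUTSIDE" master "$BRIDGE"
    run ip link set "$INSIDE" master "$BRIDGE"
    run ip link set "$OUTSIDE" up
    run ip link set "$INSIDE" up
    run ip link set "$BRIDGE" up
}

# Make bridged frames traverse iptables (bridge netfilter), then apply a
# default-deny FORWARD chain: replies and anything leaving the protected
# side pass; inbound new connections are limited to the listed ports.
setup_firewall() {
    run modprobe br_netfilter          # no-op on kernels with it built in
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run iptables -P FORWARD DROP       # set the policy before flushing: no accept window
    run iptables -F FORWARD
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" -j ACCEPT
    for port in 22 443; do             # assumed: ssh and https are the exposed services
        run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" \
            -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Log what the policy drops; with netconsole configured on the kernel
    # command line these lines are visible from the host after the halt.
    run iptables -A FORWARD -j LOG --log-prefix "bridge-drop: "
}

# Only apply when explicitly asked, so sourcing or dry-running is harmless.
if [ "${1:-}" = apply ]; then
    setup_bridge
    setup_firewall
fi
```

Run it as `DRY_RUN=1 sh bridgefw.sh apply` to review the exact command list, and as root with `sh bridgefw.sh apply` inside the guest. Because FORWARD defaults to DROP, a port omitted from the loop is simply unreachable, which is the property that makes the post's halted kernel attractive: nothing running in the guest can loosen that policy once it has stopped.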