Please enlighten me of my ignorance. Original Belief: I can use UML as a virtual machine; jail untrusted processes.
Problem: Let's say I am a user U, on a machine M running Linux. I run an instance, UML1 of User Mode Linux. Within this instance of UML1, I create a new user "jailedUser". "jailedUser" executes a program in UML1, "untrustedProg". Now, we know that M is running in ring 0. UML1 is running as a process, so it's in ring 3. If this is the case, what protects "untrustedProg" from playing around with the kernel memory of UML1? If not, this means that "untrustedProg" effectively has the same privileges as UML1, which would be having the same priviledges as U on M, ... in which case I'm no longer sure what I gain by running UML in the first place. I think there is a flaw in my logic. Please correct me. Thanks, --TongKe Xue ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ User-mode-linux-user mailing list User-mode-linux-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
