From: Chris <ch...@se...> - 2005-11-23 21:07:38

oops, wrong button ;)

-------- Original Message --------
Subject: Re: [uml-user] can't compile client >2.6.12
Date: Wed, 23 Nov 2005 21:54:32 +0100
From: Chris <ch...@se...>
To: Blaisorblade <bla...@ya...>

Blaisorblade wrote:
>On Wednesday 23 November 2005 15:04, Chris wrote:
>
>>Hi list,
>>
>>i have some problems with the client-binaries from blaisorblade (hard
>>lockups) and are unable to compile my own 2.6.13 or .14.
>>it always keeps crashing with this error (on different systems, but all
>>with the hardened toolchain):
>
>Yep, it's not tested with that toolchain.

would explain everything, thx for your fast reply.
are there plans to test it on hardened? or any arguments why not? (just
curious).

>>Btw, is the >2.6.12 series ready for production-environments?
>>If not, which is the last known stable version you can suggest?
>
>It's intended to be, and in fact it is for many people.

i guess, if it was "not intended to be stable", someone should slap all
the devs with a big frozen trout *lol*
kidding aside, i asked because i was wondering why the host crashed... i
mean, if "just" the uml goes down, that's ok, my script would restart it
and after 1-2minutes the services would be back online again, but a
complete (hard-) host-lockup is some nasty thing which should not occur
as it completely negates the sense of a virtual os.
but as it was my fault because i used an untested toolchain, forgive me,
i'll go and change this immediately...

>However, after 2.6.12 a great deal of new code (skas0) has been introduced,
>and it is proving very sensitive to toolchain / build environment dependent
>failures.

i'm already on my way back to a non-hardened toolchain/system and will
try again with 2.6.14.2 thereafter...

greets, chris

btw: i really love the idea of uml, it's a cool piece of software.
/me shouts "thx alot for your great work" to all the uml-devs out there :)

From: Blaisorblade <bla...@ya...> - 2005-11-24 01:19:40

On Wednesday 23 November 2005 22:07, Chris wrote:
> would explain everything, thx for your fast reply.
> are there plans to test it on hardened? or any arguments why not? (just
> curious).

Just developer's time - Gcc thinks to be smarter than us on some more
toolchains beyond hardened :-(. We're in the process of fixing the known
reports.

> i guess, if it was "not intended to be stable", someone should slap all
> the devs with a big frozen trout *lol*
> kidding aside, i asked because i was wondering why the host crashed

Ok, that's different - no matter which fscking compiler you use, the host
shouldn't come down.

> ... i
> mean, if "just" the uml goes down, that's ok, my script would restart it
> and after 1-2minutes the services would be back online again, but a
> complete (hard-) host-lockup is some nasty thing which should not occur
> as it completely negates the sense of a virtual os.
> but as it was my fault because i used an untested toolchain, forgive me,
> i'll go and change this immediately...

Hmm, compiling the host kernel with a hardened GCC is an interesting
thing... however it shouldn't create problems anyway (I think it's how
Fedora kernels are compiled, since their default GCC is hardened).

> btw: i really love the idea of uml, it's a cool piece of software.
> /me shouts "thx alot for your great work" to all the uml-devs out there :)

Thanks to you for using our work!

--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

From: Blaisorblade <bla...@ya...> - 2005-11-24 01:41:57

On Thursday 24 November 2005 02:19, Blaisorblade wrote:
> On Wednesday 23 November 2005 22:07, Chris wrote:
> > i guess, if it was "not intended to be stable", someone should slap all
> > the devs with a big frozen trout *lol*
> >
> > kidding aside, i asked because i was wondering why the host crashed
>
> Ok, that's different - no matter which fscking compiler you use, the host
> shouldn't come down.

Yep, this crash wasn't described in your original mail, so please add all
details about the compilation environment, the host kernel, the hardware
and the scenario triggering the host crash (if any).

--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

From: Chris <ch...@se...> - 2005-11-25 03:44:42

Blaisorblade wrote:
>On Thursday 24 November 2005 02:19, Blaisorblade wrote:
>
>>On Wednesday 23 November 2005 22:07, Chris wrote:
>>
>>>kidding aside, i asked because i was wondering why the host crashed
>>
>>Ok, that's different - no matter which fscking compiler you use, the host
>>shouldn't come down.
>
>Yep, this crash wasn't described in your original mail, so please add all
>details about the compilation environment, the host kernel, the hardware and
>the scenario triggering the host crash (if any).

here we go:

Portage 2.0.51.22-r3 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2,
2.6.12-gentoo-r10-skas3-v8.2 i686)
=================================================================
System uname: 2.6.12-gentoo-r10-skas3-v8.2 i686 Pentium III (Coppermine)
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python: 2.3.5-r2, 2.4.2
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CXXFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"

the system is a dual p3 with 1ghz (smp enabled), 2gb ram (high memory is
set to 4gb), nptl.

the scenario was:
2 umls running chrooted using your precompiled um32-2.6.14-release. they
were bridged with the host using brctl, which so far went without
problems. to really stress them i started 10 scp which endlessly copied
bzipped kernelsources to and from each other (host<->uml, uml<->uml,
uml<->some other machine on the net) which pushed the load on the host
around 20.
~10h later the host crashed.

i ran the same kind of test before without uml for 3 days nonstop to
test the host system before getting the umls into game, which worked
without a crash and a load around 30, so i guess it has something to do
with them, but to be sure i started the test again a few minutes ago,
only difference is that i'm trying your 2.6.13 binaries and on another
machine i began to recompile the system without a hardened tc and will
start the same test too and then post my results.
memtest also ran for ~24h without a failure, so i'm sure this isn't the
source of the problem.

greets, chris

btw, how about grsec + uml? some plans for this? (just curious, because
the chroot-restrictions from grsec would be really a great thing for the
paranoids beyond us *grin)

From: Chris <ch...@se...> - 2005-11-25 12:12:18

Chris wrote:
>Blaisorblade wrote:
>
>>Yep, this crash wasn't described in your original mail, so please add all
>>details about the compilation environment, the host kernel, the hardware and
>>the scenario triggering the host crash (if any).
>
>here we go:
>
>Portage 2.0.51.22-r3 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2,
>2.6.12-gentoo-r10-skas3-v8.2 i686)
>=================================================================
>System uname: 2.6.12-gentoo-r10-skas3-v8.2 i686 Pentium III (Coppermine)
>Gentoo Base System version 1.6.13
>ccache version 2.3 [enabled]
>dev-lang/python: 2.3.5-r2, 2.4.2
>sys-apps/sandbox: 1.2.12
>sys-devel/autoconf: 2.13, 2.59-r6
>sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
>sys-devel/binutils: 2.16.1
>sys-devel/libtool: 1.5.20
>virtual/os-headers: 2.6.11-r2
>CBUILD="i686-pc-linux-gnu"
>CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
>CHOST="i686-pc-linux-gnu"
>CXXFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
>
>the system is a dual p3 with 1ghz (smp enabled), 2gb ram (high memory is
>set to 4gb), nptl.
>
>the scenario was:
>2 umls running chrooted using your precompiled um32-2.6.14-release. they
>were bridged with the host using brctl, which so far went without
>problems. to really stress them i started 10 scp which endlessly copied
>bzipped kernelsources to and from each other (host<->uml, uml<->uml,
>uml<->some other machine on the net) which pushed the load on the host
>around 20.
>~10h later the host crashed.
>
>i ran the same kind of test before without uml for 3 days nonstop to
>test the host system before getting the umls into game, which worked
>without a crash and a load around 30, so i guess it has something to do
>with them, but to be sure i started the test again a few minutes ago,
>only difference is that i'm trying your 2.6.13 binaries and on another
>machine i began to recompile the system without a hardened tc and will
>start the same test too and then post my results.
>memtest also ran for ~24h without a failure, so i'm sure this isn't the
>source of the problem.
>
>greets, chris
>
>btw, how about grsec + uml? some plans for this? (just curious, because
>the chroot-restrictions from grsec would be really a great thing for the
>paranoids beyond us *grin)

just to let you know, a few minutes ago the host crashed again... (no
net, no screen, no numlock, it's fully dead) :(
if there's anything i can do to help resolve this please let me know and
i'll do what i can, because i think it would be a great thing to let uml
run on hardened systems. as being a 'secure virtual os' for untrusted
(root-)users it can't be bad to secure the host as much as possible.

thx for your time, chris

From: Blaisorblade <bla...@ya...> - 2005-11-25 23:31:24

Antoine, I'm CC:ing you about your UML SELinux policy - see below for
context.

On Friday 25 November 2005 13:12, Chris wrote:
> Chris wrote:
> >Blaisorblade wrote:
> >>Yep, this crash wasn't described in your original mail, so please add all
> >>details about the compilation environment, the host kernel, the hardware
> >> and the scenario triggering the host crash (if any).
> >
> >here we go:
> >Portage 2.0.51.22-r3 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2,
> >2.6.12-gentoo-r10-skas3-v8.2 i686)
> >=================================================================
> >System uname: 2.6.12-gentoo-r10-skas3-v8.2 i686 Pentium III (Coppermine)
> >Gentoo Base System version 1.6.13
> >ccache version 2.3 [enabled]
> >CBUILD="i686-pc-linux-gnu"
> >CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
> >CHOST="i686-pc-linux-gnu"
> >CXXFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
> >
> >the system is a dual p3 with 1ghz (smp enabled), 2gb ram (high memory is
> >set to 4gb), nptl.
> >
> >the scenario was:
> >2 umls running chrooted using your precompiled um32-2.6.14-release. they
> >were bridged with the host using brctl, which so far went without
> >problems. to really stress them i started 10 scp which endlessly copied
> >bzipped kernelsources to and from each other (host<->uml, uml<->uml,
> >uml<->some other machine on the net) which pushed the load on the host
> >around 20.
> >~10h later the host crashed.
> >
> >i ran the same kind of test before without uml for 3 days nonstop to
> >test the host system before getting the umls into game, which worked
> >without a crash and a load around 30, so i guess it has something to do
> >with them, but to be sure i started the test again a few minutes ago,
> >only difference is that i'm trying your 2.6.13 binaries and on another
> >machine i began to recompile the system without a hardened tc and will
> >start the same test too and then post my results.
> >memtest also ran for ~24h without a failure, so i'm sure this isn't the
> >source of the problem.
> >
> >greets, chris
> >btw, how about grsec + uml? some plans for this? (just curious, because
> >the chroot-restrictions from grsec would be really a great thing for the
> >paranoids beyond us *grin)

Let me think - you refer to the SKAS3 patch merged with grsec?

I looked into this time ago on request, after somebody posted a merge, but I
deadlocked on a problem for conceptually proper handling of some per-process
settings.

However, I remember that probably the concern wouldn't be triggered in
practice by UML usage, and that possibly it was more theoretical than
practical. So it may go on my TODO list, but it's very long.

Instead, another possibility is the use of SELinux - I say that because
Antoine Martin some time ago has written a SELinux policy and possibly he's
going to share that, on request, after some tidyup (that's possibly needed).

In this case, I hope Antoine would write something on the Wiki.

> just to let you know, a few minutes ago the host crashed again... (no
> net, no screen, no numlock, it's fully dead) :(
> if there's anything i can do to help resolve this please let me know and
> i'll do what i can, because i think it would be a great thing to let uml
> run on hardened systems.

Ok, let's focus on what's interesting - since a host crash is due to the host
kernel, let's focus on that and do differential analysis.

You have a

*) 2.6.12 (the bug could have been fixed)
*) with SKAS (it may be at fault)
*) compiled with hardened toolchain (you may have discovered a
miscompilation).

I suggest trying to change these things in this order...

> as being a 'secure virtual os' for untrusted
> (root-)users it can't be bad to secure the host as much as possible.
> thx for your time, chris

--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

From: Antoine M. <an...@na...> - 2005-11-28 11:04:34

> Instead, another possibility is the use of SELinux - I say that because
> Antoine Martin some time ago has written a SELinux policy and possibly he's
> going to share that, on request, after some tidyup (that's possibly needed).

I intend to publish my policy files with some help and explanation soon.
The main difficulty is in allowing the system management and startup
scripts to mount/unmount, chroot and modify the setup: intrinsically this
is going to be tightly linked to the host's setup.
Actually containing a running guest instance is relatively easy, only the
networking restrictions require tweaks - as they depend on the host's
setup.

Antoine

From: Chris <ch...@se...> - 2005-11-26 00:41:20

>Let me think - you refer to the SKAS3 patch merged with grsec?

No, i was not able to apply both, skas and grsec, so i used
gentoo-sources-2.6.12-r10 patched with skas3, no grsec.

>I looked into this time ago on request, after somebody posted a merge, but I
>deadlocked on a problem for conceptually proper handling of some per-process
>settings.
>
>However, I remember that probably the concern wouldn't be triggered in
>practice by UML usage, and that possibly it was more theoretical than
>practical. So it may go on my TODO list, but it's very long.
>
>Instead, another possibility is the use of SELinux - I say that because
>Antoine Martin some time ago has written a SELinux policy and possibly he's
>going to share that, on request, after some tidyup (that's possibly needed).

SELinux is on my tolearn-list since a while, yet, but no time at the
moment... but an entry on wiki about SELinux would be great, that's no
question :) doesn't have to be beautiful, just somehow readable */me grin
to Antoine*

>>if there's anything i can do to help resolve this please let me know and
>>i'll do what i can, because i think it would be a great thing to let uml
>>run on hardened systems.
>
>Ok, let's focus on what's interesting - since a host crash is due to the host
>kernel, let's focus on that and do differential analysis.

good to know, as i was not sure where to start at all

>You have a
>
>*) 2.6.12 (the bug could have been fixed)
>
>*) with SKAS (it may be at fault)

too insecure, so isn't really an option

>*) compiled with hardened toolchain (you may have discovered a
>miscompilation).
>
>I suggest trying to change these things in this order...

will do so over the weekend and report my results
greets, chris

From: Blaisorblade <bla...@ya...> - 2005-11-26 00:48:12

On Saturday 26 November 2005 01:41, Chris wrote:
> >Let me think - you refer to the SKAS3 patch merged with grsec?

> >You have a
> >
> >*) 2.6.12 (the bug could have been fixed)
> >
> >*) with SKAS (it may be at fault)
>
> too insecure, so isn't really an option

I talk about the SKAS patch on the host. You can use a host without it and
run a guest binary >= 2.6.13 in SKAS0 mode, which is as secure as SKAS3 and
fast enough (not as fast as SKAS3 though).

> >*) compiled with hardened toolchain (you may have discovered a
> >miscompilation).

> >I suggest trying to change these things in this order...

> will do so over the weekend and report my results
> greets, chris

--
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

From: Chris <ch...@se...> - 2005-11-26 00:54:11

Blaisorblade wrote:
>On Saturday 26 November 2005 01:41, Chris wrote:
>
>>>Let me think - you refer to the SKAS3 patch merged with grsec?
>
>>>You have a
>>>
>>>*) 2.6.12 (the bug could have been fixed)
>>>
>>>*) with SKAS (it may be at fault)
>>
>>too insecure, so isn't really an option
>
>I talk about the SKAS patch on the host. You can use a host without it and run
>a guest binary >= 2.6.13 in SKAS0 mode, which is as secure as SKAS3 and fast
>enough (not as fast as SKAS3 though).

then skas0 is skas3 without /proc/mm... (read about something like this
somewhere, can't remember exactly)
this is great news, grsec on the host and skas inside, cool :) will try
this for sure

From: Rob L. <ro...@la...> - 2005-11-26 21:09:46

On Friday 25 November 2005 18:47, Blaisorblade wrote:
> I talk about the SKAS patch on the host. You can use a host without it and
> run a guest binary >= 2.6.13 in SKAS0 mode, which is as secure as SKAS3 and
> fast enough (not as fast as SKAS3 though).

And since it's fairly unlikely that your /tmp is a tmpfs mount, you'll
probably find it runs noticeably faster with TMPDIR=/dev/shm (which probably
is a tmpfs mount).

I'm off trying to get lilo to work with ubda, which by the way is probably
something like:

disk=/dev/ubda
  bios=0x80
  cylinders=128
  heads=16
  sectors=63
  partition=/dev/ubda1
    start=63

But as soon as I get _that_ beaten into shape... Actually I've got about
three nested tangents to pop off the stack first, but I intend to submit a
patch changing the default, and using /tmp as a fallback. (Right now the
code's not really structured to test and fall back, but it shouldn't be
brain surgery to fix it. Not quite sure why the layering that's there is
there, though, so I need to poke more before I violate it...)

Rob
--
Steve Ballmer: Innovation!
Inigo Montoya: You keep using that word. I do not think it means what you
think it means.
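
The TMPDIR choice discussed in the last message, as an added shell example that is not part of the thread or of the UML source: it prefers a tmpfs directory (/dev/shm, then /tmp) and falls back to an on-disk /tmp. The function names and the sample mount table are constructed for illustration, and the sketch additionally rejects noexec mounts, on the assumption that the host is hardened and that UML needs an executable mapping of its memory file.

```shell
#!/bin/sh
# Added example (not UML code): choose a TMPDIR for a UML guest's memory file.
# Function names and the mount table below are constructed for illustration.

# Print "fstype options" for the mount that holds directory $1, using the
# /proc/mounts-format file $2. The longest matching mount point wins; for
# equal mount points the later entry wins, since it shadows the earlier one.
mount_for() {
    awk -v dir="$1" '
        $2 == dir || $2 == "/" || index(dir, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); fs = $3; opts = $4 }
        }
        END { if (best) print fs, opts }
    ' "$2"
}

# Prefer /dev/shm, then /tmp, when the directory is tmpfs and not noexec.
# Fall back to an on-disk /tmp if it allows exec mappings; fail otherwise.
# noexec matters because UML maps its memory file with PROT_EXEC, and
# hardened hosts commonly mount /tmp and /dev/shm noexec.
pick_uml_tmpdir() {
    mounts="${1:-/proc/mounts}"
    fallback=""
    for dir in /dev/shm /tmp; do
        info=$(mount_for "$dir" "$mounts")
        [ -n "$info" ] || continue
        fstype=${info%% *}
        opts=${info#* }
        case ",$opts," in *,noexec,*) continue ;; esac
        if [ "$fstype" = "tmpfs" ]; then
            echo "$dir"
            return 0
        fi
        if [ "$dir" = "/tmp" ]; then fallback=$dir; fi
    done
    if [ -n "$fallback" ]; then
        echo "$fallback"
        return 0
    fi
    return 1
}

# Constructed mount table of a hardened host: /dev/shm is tmpfs but noexec.
sample_mounts_hardened() {
    cat <<'EOF'
/dev/root / ext3 rw 0 0
proc /proc proc rw 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /tmp ext3 rw,nosuid,nodev 0 0
EOF
}

demo=$(mktemp)
sample_mounts_hardened > "$demo"
echo "TMPDIR=$(pick_uml_tmpdir "$demo")"   # /tmp: /dev/shm is rejected as noexec
rm -f "$demo"
```

On a live host, call `pick_uml_tmpdir` with no argument so it reads /proc/mounts, and export the result as TMPDIR before starting the guest.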