From: Ian C. B. <ia...@bl...> - 2004-01-31 06:14:37
On Thu, Jan 29, 2004 at 01:26:52AM +0000, Nuno Silva wrote:
> >At the moment, UML is the hosting platform of choice for virtual Linux
>
> I can be wrong, but I think that coLinux doesn't play in this field
> (virtual servers for *untrusted* root users) because, unlike UML or XEN,
> the "virtual" linux can bring the host down.

A UML may be run as a Honeypot. There really hasn't been talk of using Xen for the same on the list.

Honestly, this isn't what I'm looking for. I'm not suggesting giving root to untrusted users for hosting purposes. Even with the fairsched kernel patch on a SKAS enabled host, users may still monopolize system resources with UML (namely system IO).

It's actually easier to provision independent "virtual servers" in a virtual networked topology rather than pile layer after layer of complexity onto a single image. With separate IP stacks, you can intermix LVS servers and iptables firewall boxes between content hosting images and VMWare servers. We are doing this with UML and VMWare now, but the performance really could use some help (particularly when UML images become IO bound).

> Disabling interrupts and entering an endless loop or /bin/cat
> /dev/random > /proc/kmem or some other havoc will do this...

In an ideal world, a virtual image would be sandboxed off from other images and the host kernel. From a management perspective, I would rather have a dozen "just as insecure" but separate images serving simplified purposes than one large complex system. You can always lock down and compartmentalize those insecure kernels using standard techniques.

> Even with this possible drawback, the system is very useful for running
> "trusted" linux systems at (near) hardware speed.

Precisely what I am looking for.

> >I would LOVE to have a Linux self-hosted, ring 0 device driver driven,
>
> Me too :-) And, as you said, there are some solutions right now, each
> with their pros and cons.

Getting a Linux/x86 native host port working would be a great first step. Is anyone actively working on this at the moment? I would love to help any way I can.

- Ian C. Blenke <ia...@bl...>