From: Jeff D. <jd...@ka...> - 2002-09-06 18:14:13

da...@da... said:
> I'd like to be able to pass my UML the location of the 'tun' device
> node when using the 'tuntap' transport, rather than having it default
> to using /dev/net/tun. Might make life easier for those of us who are
> running within a chroot and are too lazy to build dev/net
> directories, since they get deleted once the UML is up and running.

Something I have planned is a filemap switch. You'd do something like
'filemap=3,/dev/net/tun 3</dev/net/tun' on the command line. Whenever
UML wanted to open a file, it would check whether a descriptor to that file
had been passed on the command line, and use that descriptor if so.

This would allow chroot jails to be pretty much empty, and also make you
specify on the command line every file that UML is allowed to access.

It's not there yet, though.

                                Jeff

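The descriptor lookup Jeff describes, as an added example that is not part of the original message and not UML code: filemap_add() and filemap_open() are hypothetical names, and refusing any path that has no mapping is an assumption drawn from his remark that every accessible file would have to be named on the command line.

```c
/* Added example, not UML code: filemap_add()/filemap_open() are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define FILEMAP_MAX 16
static struct { int fd; char path[256]; } filemap[FILEMAP_MAX];
static int filemap_count;

/* Record one "filemap=<fd>,<path>" argument. Returns 0 on success, -1 if it
 * is malformed or <fd> is not an open (inherited) descriptor. */
int filemap_add(const char *arg)
{
    char *end;
    long fd;
    if (strncmp(arg, "filemap=", 8) != 0 || filemap_count == FILEMAP_MAX)
        return -1;
    errno = 0;
    fd = strtol(arg + 8, &end, 10);
    if (errno || end == arg + 8 || *end != ',' || fd < 0 || fd > INT_MAX)
        return -1;
    if (end[1] != '/' || strlen(end + 1) >= sizeof(filemap[0].path))
        return -1;                      /* absolute paths only */
    if (fcntl((int)fd, F_GETFD) == -1)
        return -1;                      /* nothing was passed on that fd */
    filemap[filemap_count].fd = (int)fd;
    strcpy(filemap[filemap_count++].path, end + 1);
    return 0;
}

/* Stand-in for open(): hand out a dup of the mapped descriptor so the caller
 * can close() it freely. Assumption: unmapped paths are refused (EACCES). */
int filemap_open(const char *path)
{
    for (int i = 0; i < filemap_count; i++)
        if (strcmp(filemap[i].path, path) == 0)
            return dup(filemap[i].fd);
    errno = EACCES;
    return -1;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)      /* non-filemap arguments are skipped */
        filemap_add(argv[i]);
    printf("/dev/net/tun -> fd %d\n", filemap_open("/dev/net/tun"));
    return 0;
}
```

Because the process only ever uses descriptors it inherited, the set of files it can reach is fixed by whoever launched it, which is what lets the chroot stay empty.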
From: Michael R. <mc...@sa...> - 2002-09-07 18:37:21

>>>>> "Jeff" == Jeff Dike <jd...@ka...> writes:
    Jeff> Something I have planned is a filemap switch. You'd do something like
    Jeff> 'filemap=3,/dev/net/tun 3</dev/net/tun' on the command line. Whenever
    Jeff> UML wanted to open a file, it would check whether a descriptor to
    Jeff> that file had been passed on the command line, and use that
    Jeff> descriptor if so.

  That will be cool.
  Could it be an INET socket as well?

    Jeff> This would allow chroot jails to be pretty much empty, and also
    Jeff> make you specify on the command line every file that UML is
    Jeff> allowed to access.

  perhaps it is time for a config file for UML?

  Even if it is initially just DOS-style @filename (i.e. take arguments
from that file instead of the command line).

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mc...@sa... http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

From: William S. <wst...@po...> - 2002-09-07 18:56:15

Good day, Michael,

On Sat, 7 Sep 2002, Michael Richardson wrote:

> >>>>> "Jeff" == Jeff Dike <jd...@ka...> writes:
>     Jeff> Something I have planned is a filemap switch. You'd do something like
>     Jeff> 'filemap=3,/dev/net/tun 3</dev/net/tun' on the command line. Whenever
>     Jeff> UML wanted to open a file, it would check whether a descriptor to
>     Jeff> that file had been passed on the command line, and use that
>     Jeff> descriptor if so.
>
>   That will be cool.
>   Could it be an INET socket as well?
>
>     Jeff> This would allow chroot jails to be pretty much empty, and also
>     Jeff> make you specify on the command line every file that UML is
>     Jeff> allowed to access.
>
>   perhaps it is time for a config file for UML?
>
>   Even if it is initially just DOS-style @filename (i.e. take arguments
> from that file instead of the command line).

What I'm doing with my VM's is putting a file called params in
~/.uml/ . This holds all the command line parameters I use for that
user. When I start up a UML, my startup script does:

    screen -S "$OneUser" -d -m su - "$OneUser" -c "cd /home/$OneUser/.uml ; ./$OneUser `cat /home/$OneUser/.uml/params`"

(./$OneUser is a symlink to the actual "linux" binary - that
allows me to "killall -TERM bozouser" without killing every uml).

Cheers,
- Bill

---------------------------------------------------------------------------
"We have to work on our reputation for security in the marketplace."
- Jim Allchin, Microsoft
(Courtesy of http://www.salon.com/tech/wire/2002/05/08/microsoft/index.html?x)
--------------------------------------------------------------------------
William Stearns (wst...@po...). Mason, Buildkernel, named2hosts,
and ipfwadm2ipchains are at: http://www.stearns.org
--------------------------------------------------------------------------

From: David C. <da...@da...> - 2002-09-07 22:04:04

Michael Richardson wrote:
> That will be cool.
> Could it be an INET socket as well?

One would assume that you could hang anything you like off the fd, with
an appropriate daemon.

> perhaps it is time for a config file for UML?

I like the command line - Nice and flexible.

David

-- 
David Coulson http://davidcoulson.net/
d...@vi... http://journal.davidcoulson.net/

From: Jeff D. <jd...@ka...> - 2002-09-08 00:16:12

mc...@sa... said:
> Could it be an INET socket as well?

Sockets would be a little trickier. There is no shell syntax for attaching
a socket (or pipe) to a file descriptor like '<n file'.

You could write a little wrapper that would set up the descriptors, though.

                                Jeff

From: Lars Marowsky-B. <lm...@su...> - 2002-09-08 09:41:54

On 2002-09-07T20:19:41,
   Jeff Dike <jd...@ka...> said:

> Sockets would be a little trickier. There is no shell syntax for attaching
> a socket (or pipe) to a file descriptor like '<n file'.

There is.

    foo 3<>/dev/tcp/www.suse.de/80

Kind regards,
    Lars Marowsky-Brée <lm...@su...>

-- 
Immortality is an adequate definition of high availability for me.
    --- Gregory F. Pfister

From: Michael R. <mc...@sa...> - 2002-09-07 19:30:37

>>>>> "William" == William Stearns <wst...@po...> writes:
    William> Good day, Michael,

  Yeah, that's a good idea.

    William> users. When I start up a UML, my startup script does:

    William> screen -S "$OneUser" -d -m su - "$OneUser" -c "cd /home/$OneUser/.uml ; ./$OneUser `cat /home/$OneUser/.uml/params`"

    William> (./$OneUser is a symlink to the actual "linux" binary - that
    William> allows me to "killall -TERM bozouser" without killing every uml).

  I make sure to set the umid, which shows up in () in ps.
  Is there a way to force a shutdown, but have the kernel sync the "disk"
first?

  anoncvs.freeswan.org is a UML, started with:

    #!/bin/sh
    # $Id$
    #
    # Starts a user-mode-linux for mounting the anonymous CVS area from
    # a local copy.
    #

    HOME=/home/cvsuml
    export HOME
    PATH=$HOME/bin:$PATH
    export PATH

    scren -e^Kk -d -m linux \
        ubd0=$HOME/root/anoncvs,$HOME/rpms/root_fs.rh-7.2-full.pristine.20020312 \
        eth0=tuntap,tap2 umid=anoncvs $*

  where scren is a copy of /usr/bin/screen, which has been made setuid
root so that we can access it via multiuser mode. We discovered that
doing "sudo su cvsuml screen -r" wasn't really workable, because screen
wants to open one's tty, and pts/X is owned by "me" not the "cvsuml" user.

From: Jeff D. <jd...@ka...> - 2002-09-08 02:13:37

da...@da... said:
> > perhaps it is time for a config file for UML?
> I like the command line - Nice and flexible.

However, some wrapper around UML that read a config file might be useful.

For a while, I've been wanting to see someone produce some sort of GUI UML
control console that would watch over a set of UMLs, reporting status and
problems. It would also likely have the ability to launch and kill UMLs,
and here, the config file would be useful.

                                Jeff

From: David C. <da...@da...> - 2002-09-08 11:22:17

Jeff Dike wrote:
> However, some wrapper around UML that read a config file might be useful.

I've been working on a daemon for managing UMLs which listens on a TCP
port so you can start & stop them, as well as generating new UML
instances from a couple of default COW backing filesystems. All the fun
stuff is yanked out of, or written to, a database, but it's probably not
much use to most people. All I really wanted was a nice way to manage
UMLs without having to shell in as root on a remote system.

David

From: Michael R. <mc...@sa...> - 2002-09-08 02:20:25

>>>>> "David" == David Coulson <da...@da...> writes:
    David> Michael Richardson wrote:
    >> That will be cool. Could it be an INET socket as well?

    David> One would assume that you could hang anything you like off the fd,
    David> with an appropriate daemon.

  It's more complicated than that.
  Plugging UDP in (you could do 111, 2049 and some socket for mountd and
do NFS testing, or secure serving) could be done.

  To be useful for TCP, you have to proxy accept(2), getsockname(2)...

From: David C. <da...@da...> - 2002-09-06 18:41:29

Jeff Dike wrote:
> Something I have planned is a filemap switch. You'd do something like
> 'filemap=3,/dev/net/tun 3</dev/net/tun' on the command line. Whenever
> UML wanted to open a file, it would check whether a descriptor to that file
> had been passed on the command line, and use that descriptor if so.

You've mentioned this before when we talked about chroots and stuff.

> This would allow chroot jails to be pretty much empty, and also make you
> specify on the command line every file that UML is allowed to access.
>
> It's not there yet, though.

Oh, well - I'll just have to fudge it for the time being. Any idea when
the filemap option might be done?

David