From: Gil V. <gil...@ya...> - 2002-01-01 08:14:29
|
Hi, I recently "discovered" UML and I jumped in with both feet trying to compile and use it. Now, I realize that I should ask a few intelligent questions before moving further ahead. I run a small web hosting company, and I would like to offer "dedicated virtual hosting" in a safe environment. A dedicated environment will allow telnet access, ftp, the ability to reboot, etc. I'm very excited about the potential of using UML with virtual hosting, but I have some serious concerns about the resources that will be required to run 250 UMLs on one Linux box running RH 6.2. The questions I have are: 1) What is the minimum RAM that will be needed to run each UML? 2) Is it possible to have one instance of apache running on the server and then have a configuration file installed in each UML? I prefer to have one httpd parent daemon, if possible, otherwise, each UML has to have their own private httpd, which will take more RAM. 3) Has anyone successfully deployed up to 250 or so virtual hosts each in their own UML? I look forward to your replies. Gil@Vidals.net __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com |
From: <nc...@ax...> - 2002-01-01 19:13:34
|
gi...@vi... wrote: > I run a small web hosting company, and I would like to > offer "dedicated virtual hosting" in a safe > environment. A dedicated environment will allow telnet > access, ftp, the ability to reboot, etc. > > I'm very excited about the potential of using UML with > virtual hosting, but I have some serious concerns > about the resources that will be required to run 250 > UMLs on one Linux box running RH 6.2. You'll probably find the vserver project more appropriate for this http://www.solucorp.qc.ca/miscprj/s_context.hc This gives each user their own 'root in a chroot' without the kernel capabilities to break out of the chroot or damage the hardware. It can also share libraries / binaries and thus memory with the other vservers making it very efficient. FreeVSD is a similar project. Using UML for mass hosting is a great idea but I don't think it will be as secure or fast as the vserver idea. I'd be worried that a determined hacker would be able to break out of the uml. You could always chroot each one I guess and run them as a user to limit the possible damage. -- Nick Craig-Wood nc...@ax... |
From: Jeff D. <jd...@ka...> - 2002-01-02 05:42:03
|
nc...@ax... said: > Using UML for mass hosting is a great idea but I don't think it will > be as secure or fast as the vserver idea. Maybe not as fast, but I intend to make the gap as small as possible. However, UML will be more secure. With VSD/VDS, you are partitioning some, but not all of the host resources. With UML, all resources consumed by a user are under control. I.e. I bet a fork bomb going off in a VSD/VDS-type environment will slow down everyone else. A fork bomb going off inside UML will hurt everything inside that UML, but not anyone else because a UP UML will only schedule one process on the host at a time. Also, you potentially only need one exploit to break out of any environment that's implemented directly in the host kernel. With UML, you need at least two, and more likely three, in order to gain root on the host (break out of UML, break out of chroot environment on host with no tools, local root exploit on host). > I'd be worried that a > determined hacker would be able to break out of the uml. You could > always chroot each one I guess and run them as a user to limit the > possible damage. Right. Running UMLs in a chroot environment is a good precaution to take. However, the simpler security model of UML makes it easier to gain confidence that it's bulletproof. And, having said all that, I should point out that UML is *currently* not secure. The 'jail' switch implements some, but not all, of the things needed for UML to be secure against a hostile root user. Jeff |
From: Nick Craig-W. <nc...@ax...> - 2002-01-02 10:14:18
|
On Wed, Jan 02, 2002 at 12:43:18AM -0500, Jeff Dike wrote: > nc...@ax... said: > > Using UML for mass hosting is a great idea but I don't think it will > > be as secure or fast as the vserver idea. > > Maybe not as fast, but I intend to make the gap as small as possible. > > However, UML will be more secure. With VSD/VDS, you are partitioning > some, but not all of the host resources. The vserver thing isn't quite VSD/VDS - it is a fairly simple kernel patch to 1) Fix up capabilities so they are used everywhere 2) Add a security context for each process - you can only see processes in the same context - processes in a context are scheduled together 3) Add a network context for each process - processes may only use one IP address You can run a complete unmodified RedHat / Debian distribution in a chroot and give your users root in there. The users can't break chroot because they don't have CAP_CHROOT and they can't mess with /dev/mem because they don't have CAP_MKNOD etc. > With UML, all resources consumed by a user are under control. I.e. > I bet a fork bomb going off in a VSD/VDS-type environment will slow > down everyone else. Actually not - all processes in a security context are scheduled together. > A fork bomb going off inside UML will hurt everything inside that > UML, but not anyone else because a UP UML will only schedule one > process on the host at a time. This is a good feature of UML as a hosting environment and one not shared by VSD. > Also, you potentially only need one exploit to break out of any > environment that's implemented directly in the host kernel. Very true. For the vserver thing it would need to be a either a kernel bug (buffer overflow etc) which would affect all linux users, or something which should be checked by a capability but isn't which would affect less people. > With UML, you need at least two, and more likely three, in order to > gain root on the host (break out of UML, break out of chroot > environment on host with no tools, local root exploit on host). A good point. > > I'd be worried that a determined hacker would be able to break out > > of the uml. You could always chroot each one I guess and run them > > as a user to limit the possible damage. > > Right. Running UMLs in a chroot environment is a good precaution to take. > > However, the simpler security model of UML makes it easier to gain > confidence that it's bulletproof. You mean the fact that UML runs as a user in a chroot (optionally), rather than as root with only a few capabilities in a chroot. It is a small, but significant difference - I'll grant you that! > And, having said all that, I should point out that UML is > *currently* not secure. The 'jail' switch implements some, but not > all, of the things needed for UML to be secure against a hostile > root user. It isn't that important if a user breaks UML only to find themselves in a chroot - no big deal. I really like UML and I'd love to see it used for hosting. IMHO its major strength is for kernel hacking - you can see this in another window "Kernel panic: Kernel mode fault at addr 0x100, ip 0xa005b3f1" like I just did and not worry ;-) -- Nick Craig-Wood nc...@ax... |
From: Simon B. <si...@ab...> - 2002-01-03 12:39:32
|
> I really like UML and I'd love to see it used for hosting. I've been looking at implementing virtual hosting for a while now. The vserver option is still fairly new (at least, I only saw the system announced on /. a couple of months ago). But since you mention it, I'll try it. IMO, UML is superior to VSD because it offers true root access. Inside a VSD server, the admin user has limited privileges and can't modify all files or all parts of the system. New programs will typically need to go in /usr/local, rather than where the RPM wants to put them. Also, installing some packages is a pita. It's an "OK" system, rather than something /really/ good. So I'm looking seriously at UML for virtual hosting. I managed to set up a from-scratch RH7.1 file system, and just compiled the latest UML kernel, and it looks promising. I hope to be able to run ~ 30 virtual servers -- I'll let the list know if this works or not. It will be a premium service, although I doubt there's much of a margin on it (after bandwidth costs, etc). I mainly need to pay costs on my real server so I can keep running it -- I have ambitions to develop some GPL software of my own and want to serve them from here... BTW[0], I was thinking of scripting the process I used to get a clean install RH7.1 system running, from creating the file-system to installing the packages. I would also document this process. I know there are many docs on the UML site, and the mkrootfs script, which have been my source of info, but there are occasionally a few leaps where things aren't explained. Anyone interested in this script or the document? If so, I'll try to get on and write them. I could also look at a clean install of RH7.2 and maybe Mandrake if required. BTW[1] -- anyone have any docs on chrooting processes on the host server? It's been mentioned a couple of times but I wonder what the minimum requirements are? Again, I could look at making some kind of kit to set this up on a server, and document it. -- Simon Burns |
From: <pet...@ku...> - 2002-01-03 13:11:56
|
On Thu, 3 Jan 2002 12:34:07 +0000 (GMT), you wrote: >... >So I'm looking seriously at UML for virtual hosting. I managed to set up= a >from-scratch RH7.1 file system, and just compiled the latest UML kernel, >and it looks promising. I hope to be able to run ~ 30 virtual servers -- >I'll let the list know if this works or not. It will be a premium = service, >although I doubt there's much of a margin on it (after bandwidth costs, >etc). I mainly need to pay costs on my real server so I can keep running >it -- I have ambitions to develop some GPL software of my own and want = to >serve them from here... >... the number of umls you expect to have running is right. We have running here a real box (1.3GHz, 512MB, 80++GB) and there are running 18 uml's on top of it. One uml of them is a heavy loaded news-server with batching (4GB/day Traffic, 40 Leaf-Nodes). To run them smoothly you have to modify a few things. for example the times your standard-distribution-cronjobs are running (mandb find etc) .-) The load of the real machine is acceptable: 2002-01-03-132900 0.43 1.06 1.49 1/580 31270 2002-01-03-133000 0.71 1.06 1.47 1/578 31791 2002-01-03-133100 0.42 0.91 1.39 1/578 32197 2002-01-03-133200 0.24 0.77 1.31 2/580 32541 2002-01-03-133301 0.65 0.83 1.30 1/578 626 2002-01-03-133401 0.51 0.77 1.24 1/578 1054 2002-01-03-133503 2.58 1.31 1.40 1/583 1604 2002-01-03-133600 1.64 1.29 1.39 2/579 1964 2002-01-03-133700 0.85 1.13 1.32 1/579 2383 2002-01-03-133800 2.39 1.49 1.43 2/589 3546 2002-01-03-133900 3.46 2.03 1.62 4/585 4950 2002-01-03-134003 3.58 2.34 1.75 2/586 5984 2002-01-03-134100 2.80 2.40 1.81 1/577 6538 2002-01-03-134200 1.39 2.07 1.73 1/577 6956 2002-01-03-134300 0.77 1.78 1.65 1/579 7383 2002-01-03-134400 0.73 1.56 1.58 1/581 7785 2002-01-03-134500 0.95 1.52 1.57 1/579 8305 2002-01-03-134600 0.61 1.32 1.49 1/579 8651 2002-01-03-134700 1.27 1.38 1.50 1/578 9406 2002-01-03-134801 1.89 1.53 1.55 1/588 10370 You can overcommit the amount of memory in a big range: Real Memory: 512MB, "Real" Swap: 2GB Memory-Assignments to umls: 1,5GB (in reality filesystem-buffers) But thats very moderate, i think you can calculate with factor 2 |
From: <pet...@ku...> - 2002-01-03 12:59:41
|
On Tue, 1 Jan 2002 19:13:24 GMT, you wrote: >gi...@vi... wrote: >> I run a small web hosting company, and I would like to >> offer "dedicated virtual hosting" in a safe >> environment. A dedicated environment will allow telnet >> access, ftp, the ability to reboot, etc. >> =20 >> I'm very excited about the potential of using UML with >> virtual hosting, but I have some serious concerns >> about the resources that will be required to run 250 >> UMLs on one Linux box running RH 6.2. > >You'll probably find the vserver project more appropriate for this > > http://www.solucorp.qc.ca/miscprj/s_context.hc > >This gives each user their own 'root in a chroot' without the kernel >capabilities to break out of the chroot or damage the hardware. It >can also share libraries / binaries and thus memory with the other >vservers making it very efficient. > >FreeVSD is a similar project. > >Using UML for mass hosting is a great idea but I don't think it will >be as secure or fast as the vserver idea. I'd be worried that a >determined hacker would be able to break out of the uml. You could >always chroot each one I guess and run them as a user to limit the >possible damage. I think the two worlds are fitting together, for example you can use vserver to create "boxes" to run uml's inside. (Like a chroot-Environment for umls as additional security-layer but better) Or on the other hand it may be possible to run vservers inside umls (but i dont have tested this yet) |
From: Gil V. <gil...@ya...> - 2002-01-05 06:47:13
|
Hi, Thank you everyone for your advice on running 250 or more virtual hosts using UML. I understand the RAM and other resources are a bit steep to expect UML to run fast with 250 Virtual Hosts. I tried to use http://www.freevsd.org but it was a bit difficult. I'll try http://www.solucorp.qc.ca/miscprj/s_context.hc next and see how it goes. Thanks again. Gil@Vidals.net --- Peter Schmidt <pet...@ku...> wrote: > On Tue, 1 Jan 2002 19:13:24 GMT, you wrote: > > >gi...@vi... wrote: > >> I run a small web hosting company, and I would > like to > >> offer "dedicated virtual hosting" in a safe > >> environment. A dedicated environment will allow > telnet > >> access, ftp, the ability to reboot, etc. > >> > >> I'm very excited about the potential of using > UML with > >> virtual hosting, but I have some serious > concerns > >> about the resources that will be required to run > 250 > >> UMLs on one Linux box running RH 6.2. > > > >You'll probably find the vserver project more > appropriate for this > > > > http://www.solucorp.qc.ca/miscprj/s_context.hc > > > >This gives each user their own 'root in a chroot' > without the kernel > >capabilities to break out of the chroot or damage > the hardware. It > >can also share libraries / binaries and thus memory > with the other > >vservers making it very efficient. > > > >FreeVSD is a similar project. > > > >Using UML for mass hosting is a great idea but I > don't think it will > >be as secure or fast as the vserver idea. I'd be > worried that a > >determined hacker would be able to break out of the > uml. You could > >always chroot each one I guess and run them as a > user to limit the > >possible damage. > > I think the two worlds are fitting together, > for example you can use vserver to create "boxes" to > run uml's > inside. (Like a chroot-Environment for umls as > additional > security-layer but better) > > Or on the other hand it may be possible to run > vservers inside > umls (but i dont have tested this yet) > > > > _______________________________________________ > User-mode-linux-user mailing list > Use...@li... > https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user > > > __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ |