1. 54

  2. 7

    You know you’re getting the good stuff when you see a paragraph like this:

    This post represents a lot of research and brute-force attempts at trying to do this. I have had to assemble things together using old resources, reading kernel source code, intense debugging of code that was last released when I was in elementary school, tracking down a Heroku buildpack with a pre-built binary for a tool I need and other hackery that made people in IRC call me magic. I hope that this post will function as reliable documentation for doing this with a modern kernel and operating system.

    1. 5

      Other gems from that article:

      This is about where things get really screwy. Networking for a user mode Linux system is where the “user mode” facade starts to fall apart. Networking at the system level is usually limited to privileged execution modes, for very understandable reasons.

      However, there’s an ancient and largely unmaintained tool called slirp that user mode Linux can interface with. It acts as a user-level TCP/IP stack and does not rely on any elevated permissions to run. This tool was first released in 1995, and its last release was made in 2006. This tool is old enough that compilers have changed so much in the meantime that the software has effectively rotten.

      It’s not immediately crashing, so I think it should be good!

      I have no idea how his Slackware system works fine with slirp but my Ubuntu and Alpine systems don’t, and why the binary he gave me also didn’t work; but I got something working and that’s good enough for me.

    2. 4

      By the way, on Debian you can just install the user-mode-linux package instead of compiling a kernel yourself.

      I had also uploaded the slirp code that Debian ships, with the patches as separate commits, to GitHub: https://github.com/ailin-nemui/slirp. However, it still needs to be compiled with gcc4 to produce working binaries.

      1. 3

        How do you install GCC 4 on modern systems?

        1. 4

          Nix has packages for both GCC 4.8 and 4.9.

      2. 4

        the Linux kernel seems to have glibc-isms hard-assumed in the user mode Linux drivers

        damn, it’s not even portable?? sad. Would be nice to have this on other OSes.

        (actually what I’d really like is User Mode FreeBSD runnable on Linux, which would make it usable in e.g. Termux :D)

        1. 3

          Nice, I’ve been thinking about ways to build virtual machine images and embedded device root file systems, and UML looks like something that could be a big help.

          1. 3

            “This allows you to run potentially untrusted code without affecting the host machine.”

            I’m not sure what you meant by untrusted code in this case. Just going to remind everyone that, due to OS and CPU vulnerabilities, virtualization isn’t a secure way to isolate malicious code unless it’s simply not targeting one’s setup. An obfuscation. If it’s potentially malicious, a dedicated box isolated from the network is the best way to run that code. Use a KVM for convenience since they’re not targeting them yet. If available, it should boot from a read-only setup, too, to reduce risk of rootkits.