User-mode Linux

Written in: C
Type: Virtualization
License: GNU General Public License
Website: user-mode-linux.sourceforge.net

User-mode Linux (UML) is a virtualization system for the Linux operating system based on an architectural port of the Linux kernel to its own system call interface, which enables multiple virtual Linux kernel-based operating systems (known as guests) to run as an application within a normal Linux system (known as the host). A Linux kernel compiled for the um architecture can then boot as a process under another Linux kernel, entirely in user space, without affecting the host environment's configuration or stability.


This lets a user run many virtual Linux machines on a single piece of hardware with some isolation between them, typically without affecting the configuration or stability of the host environment, because each guest is just a regular application running as a process in user space.

Applications

Numerous things become possible through the use of UML.[1] One can run network services from a UML environment and remain totally sequestered from the main Linux system in which the UML environment runs.[2][3][4][5][6] Administrators can use UML to set up honeypots,[7] which allow one to test the security of one's computers or network. UML can serve to test and debug new software without adversely affecting the host system. UML can also be used for teaching and research, providing a realistic Linux networked environment with a high degree of safety.

In UML environments, host and guest kernel versions don't need to match, so it is entirely possible to test a "bleeding edge" version of Linux in User-mode on a system running a much older kernel. UML also allows kernel debugging to be performed on one machine, where other kernel debugging tools (such as kgdb) require two machines connected with a null modem cable.

Some web hosting providers offer UML-powered virtual servers for lower prices than true dedicated servers. Each customer has root access on what appears to be their own system, while in reality one physical computer is shared between many people.

libguestfs has supported a UML backend since version 1.24 [8] as an alternative to using QEMU or KVM.

Integration into the Linux kernel

The UML guest application (a Linux ELF binary) was originally available as a patch for some kernel versions above 2.2.x, and a host running any kernel version above 2.2.x could support it easily in the thread mode (i.e., non-SKAS3).

As of Linux 2.6.0, UML is integrated into the main kernel source tree. A method of running the guest in a separate kernel address space (SKAS) that does not require host kernel patching has been implemented. This improves performance and security over the older Traced Thread approach, in which all processes running inside the UML share a single address space from the host's point of view, so memory inside the UML is not protected by the memory management unit. Unlike current UML using SKAS, buggy or malicious software inside a UML running on a non-SKAS host could read the memory of other UML processes or even the UML kernel's memory.[9]

Comparison with other technologies

User-mode Linux is generally considered[by whom?] to have lower performance than some competing technologies, such as Xen and OpenVZ.[citation needed] Future work in adding support for x86 virtualization to UML may reduce this disadvantage.

Often cited as a strength of Xen (a competing technology) is support for thread-local storage (TLS). This is now also supported in the latest UML kernels. Xen concentrates on virtualizing the whole machine, and thus all systems running on a Xen machine are really virtual machines. In UML, the host machine is not virtualized in any way, and only guest systems are true virtual machines. This gives the UML guest direct access to host filesystems and hardware; it is common to map a host directory (e.g., /uml/root/) into the guest.
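The following shell script is an added example, not code from the article or the UML project, showing the two points made above and in the introduction: the kernel built for the um architecture is an ordinary executable that boots as a host process, and a host directory is mapped into the guest with hostfs. The ubd0=, mem=, hostfs=, root=, con0= and umid= kernel parameters are real UML options; the paths (./linux, ./rootfs.img, ./share) are assumptions for illustration. The hostfs= option confines hostfs mounts to one subtree, which is the setting an administrator wants when the guest is used as a honeypot or test sandbox, so the check function refuses to expose the host root.

```shell
#!/bin/sh
# Added example (not from the article or the UML project): build a UML
# kernel and compose a guest command line. All paths are assumptions.
set -eu

# Build the kernel for the "um" architecture. The result is a plain
# user-space ELF executable named ./linux in the source tree; it runs as
# a process under the host kernel rather than replacing it.
uml_build() {
    src_dir=$1
    ( cd "$src_dir" && make ARCH=um defconfig && make ARCH=um -j"$(nproc)" )
}

# Compose the kernel command line for one guest.
#   rootfs : disk image file on the host, seen by the guest as /dev/ubda
#   mem    : guest RAM, e.g. 256M
#   share  : host directory the guest may mount via hostfs; hostfs=<dir>
#            restricts every hostfs mount in the guest to that subtree,
#            so root inside the guest cannot mount the host's /
uml_cmdline() {
    rootfs=$1; mem=$2; share=$3
    printf '%s' "ubd0=$rootfs mem=$mem hostfs=$share root=/dev/ubda con0=fd:0,fd:1"
}

# Pre-flight checks a host administrator would run before starting a guest:
# the kernel must be an executable, the shared directory must exist, and
# the shared directory must not be the host root.
uml_check() {
    kernel=$1; share=$2
    [ -x "$kernel" ]  || { echo "kernel $kernel is not executable" >&2; return 1; }
    [ -d "$share" ]   || { echo "share directory $share is missing" >&2; return 1; }
    [ "$share" != / ] || { echo "refusing to expose the host root via hostfs" >&2; return 1; }
    return 0
}

# Usage: ./uml-demo.sh boot   (only runs when explicitly asked, so the
# function definitions above can be sourced without booting anything)
if [ "${1:-}" = boot ]; then
    KERNEL=./linux; ROOTFS=./rootfs.img; SHARE="$PWD/share"   # assumed paths
    uml_check "$KERNEL" "$SHARE"
    # The guest kernel is just a program: run it with its command line.
    # umid= names the instance under ~/.uml/ so several guests can coexist.
    "$KERNEL" $(uml_cmdline "$ROOTFS" 256M "$SHARE") umid=demo
fi
```

Inside the booted guest, `mount -t hostfs none /mnt` then exposes the shared subtree; because of the hostfs= restriction, any path argument outside that subtree is rejected by the guest kernel. Networking is deliberately left out of the command line, since the appropriate transport (for example, a tap device on the host) depends on the deployment.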

Supported platforms

UML was originally designed for the x86 instruction set, but has also been ported to others including IA-64 and PowerPC.[citation needed]

References

  1. Landley, Rob (2009-12-16). "Rob's quick and dirty UML howto". Retrieved 2023-08-08.
  2. "Virtual Network User-Mode-Linux". 2012-02-13. Retrieved 2023-08-08.
  3. "Netkit: Features". 2009-12-03. Archived from the original on 2020-05-11. Retrieved 2023-08-08.
  4. Jean-Vincent Loddo; Luca Saiu. "Marionnet: a virtual network laboratory". Retrieved 2023-08-08.
  5. "Cloonix Documentation: v03-04". 2019-06-01. Retrieved 2023-08-08.
  6. "Welcome to GINI! A Toolkit for Constructing User-Level Micro Internets". McGill University. 2009-09-28. Retrieved 2023-08-08.
  7. "UML as a honeypot". 2007-07-13. Retrieved 2023-08-08.
  8. Richard WM Jones (August 11, 2013). "Experimental User-Mode Linux backend for libguestfs". Retrieved 2019-08-29.
  9. Dike, Jeff (2006-04-12). User Mode Linux. Prentice Hall. p. 197. ISBN 9780131865051.