User-mode Linux

Written in: C
Type: Virtualization
License: GNU General Public License
Website: user-mode-linux.sourceforge.net

User-mode Linux (UML) is a virtualization system for the Linux operating system based on an architectural port of the Linux kernel to its own system call interface, which enables multiple virtual Linux kernel-based operating systems (known as guests) to run as an application within a normal Linux system (known as the host). A Linux kernel compiled for the um architecture can then boot as a process under another Linux kernel, entirely in user space, without affecting the host environment's configuration or stability.


This method gives the user a way to run many virtual Linux machines on a single piece of hardware, allowing some isolation, typically without changing the configuration or stability of the host environment because each guest is just a regular application running as a process in user space.

Applications

Numerous things become possible through the use of UML.[1] One can run network services from a UML environment and remain totally sequestered from the main Linux system in which the UML environment runs.[2][3][4][5][6] Administrators can use UML to set up honeypots,[7] which allow one to test the security of one's computers or network. UML can serve to test and debug new software without adversely affecting the host system. UML can also be used for teaching and research, providing a realistic Linux networked environment with a high degree of safety.

In UML environments, host and guest kernel versions don't need to match, so it is entirely possible to test a "bleeding edge" version of Linux in User-mode on a system running a much older kernel. UML also allows kernel debugging to be performed on one machine, where other kernel debugging tools (such as kgdb) require two machines connected with a null modem cable.

Some web hosting providers offer UML-powered virtual servers for lower prices than true dedicated servers. Each customer has root access on what appears to be their own system, while in reality one physical computer is shared between many people.

libguestfs has supported a UML backend since version 1.24 [8] as an alternative to using QEMU or KVM.

Integration into the Linux kernel

The UML guest application (a Linux ELF binary) was originally available as a patch for some kernel versions above 2.2.x, and a host running any kernel version above 2.2.x supported it easily in thread mode (i.e., non-SKAS3).

As of Linux 2.6.0, it is integrated into the main kernel source tree. A method of running a separate kernel address space (SKAS) that does not require host kernel patching has been implemented. This improves performance and security over the old Traced Thread approach, in which processes running in the UML share the same address space from the host's point of view, so memory inside the UML is not protected by the memory management unit. Unlike with the current SKAS-based UML, buggy or malicious software inside a UML running on a non-SKAS host could read the memory space of other UML processes or even the UML kernel memory. [9]

Comparison with other technologies

User-mode Linux is generally considered to have lower performance than some competing technologies, such as Xen and OpenVZ. Future work in adding support for x86 virtualization to UML may reduce this disadvantage.

Support for thread-local storage (TLS) is often cited as a strength of Xen (a competing technology). This is now also supported in the latest UML kernels. Xen concentrates on virtualizing the whole machine, and thus all systems running on a Xen machine are really virtual machines. In UML, the host machine is not virtualized in any way, and only guest systems are true virtual machines. This allows a UML guest direct access to host filesystems and hardware; it is common to map a host directory (e.g., /uml/root/) into the guest.
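
A host-side check for the host directory mapping described above, as an added example (not code from the UML project). It assumes a guest kernel built with hostfs and UML's `hostfs=<root dir>` and `ubd<n>=<file>` boot options; the finding names and the sample command lines are constructed for illustration.

```python
import posixpath
import re

# Finding codes used by this example (names and wording are constructed here).
FINDINGS = {
    "runs-as-root": "guest kernel is a host process running as uid 0",
    "hostfs-unconfined": "no hostfs=<dir>: guest root can mount any host path "
                         "the UML process user can access",
    "hostfs-whole-host": "hostfs=<dir> resolves to / and confines nothing",
    "raw-block-device": "a ubd device is backed by a host /dev node",
}

def parse_proc_cmdline(raw):
    """Split the NUL-separated bytes of /proc/<pid>/cmdline into argv."""
    return [p.decode("utf-8", "replace") for p in raw.split(b"\0") if p]

def audit_uml_guest(argv, uid):
    """Return finding codes for one UML guest process, judged from the host."""
    opts = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    found = []
    if uid == 0:
        found.append("runs-as-root")
    # hostfs=<root dir>[,flags]: a missing or empty root dir means no confinement.
    root = opts.get("hostfs", "").split(",")[0]
    if not root:
        found.append("hostfs-unconfined")
    elif posixpath.normpath(root).strip("/") == "":
        found.append("hostfs-whole-host")   # "/", "//", "/uml/.." and similar
    # ubd<unit>[flags]=<file>[,<backing file>]: flag host block device nodes.
    for key, value in opts.items():
        if re.fullmatch(r"ubd[0-9a-z]+", key) and any(
                f.startswith("/dev/") for f in re.split(r"[,:]", value)):
            found.append("raw-block-device")
            break
    return found

# Constructed samples: (uid of the host process, bytes of /proc/<pid>/cmdline).
SAMPLES = [
    (1001, b"./linux\0mem=256M\0ubd0=/srv/uml/root_fs\0hostfs=/uml/root\0"),
    (0, b"./linux\0mem=256M\0ubd0=/dev/sdb1\0"),
    (1001, b"./linux\0ubda=cow.img,/srv/uml/root_fs\0hostfs=/uml/..,append\0"),
]

if __name__ == "__main__":
    for uid, raw in SAMPLES:
        for code in audit_uml_guest(parse_proc_cmdline(raw), uid) or ["ok"]:
            print(uid, code, FINDINGS.get(code, ""))
```

Because each guest is an ordinary host process, the same function can be fed the real contents of `/proc/<pid>/cmdline` and the process owner's uid for every running UML instance.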

Supported platforms

UML was originally designed for the x86 instruction set, but has also been ported to others including IA-64 and PowerPC.


Related Research Articles

A modern computer operating system usually uses virtual memory to provide separate address spaces called user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour.

RTLinux is a hard real-time operating system (RTOS) microkernel that runs the entire Linux operating system as a fully preemptive process. The hard real-time property makes it possible to control robots, data acquisition systems, manufacturing plants, and other time-sensitive instruments and machines from RTLinux applications. The design was patented. Despite the similar name, it is not related to the Real-Time Linux project of the Linux Foundation.

Xen: Type-1 hypervisor

Xen is a free and open-source type-1 hypervisor, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently. It was originally developed by the University of Cambridge Computer Laboratory and is now being developed by the Linux Foundation with support from Intel, Citrix, Arm Ltd, Huawei, AWS, Alibaba Cloud, AMD, Bitdefender and EPAM.

Cooperative Linux: Software to run both Windows and Linux

Cooperative Linux, abbreviated as coLinux, is software which allows Microsoft Windows and the Linux kernel to run simultaneously in parallel on the same machine.

A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Unlike an emulator, the guest executes most instructions on the native hardware. Multiple instances of a variety of operating systems may share the virtualized hardware resources: for example, Linux, Windows, and macOS instances can all run on a single physical x86 machine. This contrasts with operating-system–level virtualization, where all instances must share a single kernel, though the guest operating systems can differ in user space, such as different Linux distributions with the same kernel.

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The isolation metaphor is taken from the idea of children who do not play well together, so each is given their own sandbox to play in alone. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

In computing, paravirtualization or para-virtualization is a virtualization technique that presents a software interface to the virtual machines which is similar, yet not identical, to the underlying hardware–software interface.

QEMU: Free virtualization and emulation software

QEMU is a free and open-source emulator. It emulates a computer's processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems. It can interoperate with Kernel-based Virtual Machine (KVM) to run virtual machines at near-native speed. QEMU can also do emulation for user-level processes, allowing applications compiled for one architecture to run on another.

twoOStwo was a commercial software product developed by Parallels Software Studio. The workstation software consisted of a virtual machine suite for Intel x86-compatible computers which allowed the creation and execution of multiple x86 virtual computers simultaneously. Each virtual machine instance could execute its own guest operating system including Windows, Linux, OS/2 and BSD variants.

OS-level virtualization is an operating system (OS) virtualization paradigm in which the kernel allows the existence of multiple isolated user space instances, called containers, zones, virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels, or jails. Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources of that computer. However, programs running inside of a container can only see the container's contents and devices assigned to the container.

Protection ring: Layer of protection in computer systems

In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults and malicious behavior.

Finnix: Linux distribution

Finnix is a Debian-based Live CD operating system, developed by Ryan Finnie and intended for system administrators for tasks such as filesystem recovery, network monitoring and OS installation. Finnix is a relatively small distribution, with an ISO download size of approximately 100 MiB, and is available for the x86 and PowerPC architectures, and paravirtualized systems. Finnix can be run off a bootable CD, a USB flash drive, a hard drive, or network boot (PXE).

OpenVZ: Operating-system level virtualization technology

OpenVZ is an operating-system-level virtualization technology for Linux. It allows a physical server to run multiple isolated operating system instances, called containers, virtual private servers (VPSs), or virtual environments (VEs). OpenVZ is similar to Solaris Containers and LXC.

The following is a timeline of virtualization development. In computing, virtualization is the use of a computer to simulate another computer. Through virtualization, a host simulates a guest by exposing virtual hardware devices, which may be done through software or by allowing access to a physical device connected to the machine.

Kernel-based Virtual Machine: Virtualization module in the Linux kernel

Kernel-based Virtual Machine (KVM) is a free and open-source virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It was merged into the mainline Linux kernel in version 2.6.20, which was released on February 5, 2007. KVM requires a processor with hardware virtualization extensions, such as Intel VT or AMD-V. KVM has also been ported to other operating systems such as FreeBSD and illumos in the form of loadable kernel modules.

Kernel (operating system): Core of a computer operating system

The kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. The kernel is also responsible for preventing and mitigating conflicts between different processes. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources e.g. CPU & cache usage, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup. It handles the rest of startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit.

LXC: Operating system-level virtualization for Linux

Linux Containers (LXC) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

In computing, a system virtual machine is a virtual machine (VM) that provides a complete system platform and supports the execution of a complete operating system (OS). These usually emulate an existing architecture, and are built with the purpose of either providing a platform to run programs where the real hardware is not available for use, or of having multiple instances of virtual machines leading to more efficient use of computing resources, both in terms of energy consumption and cost effectiveness, or both. A VM was originally defined by Popek and Goldberg as "an efficient, isolated duplicate of a real machine".

Windows Subsystem for Linux: Compatibility layer for running Linux binary executables natively on Windows

Windows Subsystem for Linux (WSL) is a feature of Windows that allows developers to run a Linux environment without the need for a separate virtual machine or dual booting. There are two versions of WSL: WSL 1 and WSL 2. WSL 1 was first released on August 2, 2016, and acts as a compatibility layer for running Linux binary executables by implementing Linux system calls on the Windows kernel. It is available on Windows 10, Windows 10 LTSB/LTSC, Windows 11, Windows Server 2016, Windows Server 2019 and Windows Server 2022.

A virtual kernel architecture (vkernel) is an operating system virtualisation paradigm where kernel code can be compiled to run in the user space, for example, to ease debugging of various kernel-level components, in addition to general-purpose virtualisation and compartmentalisation of system resources. It is used by DragonFly BSD in its vkernel implementation since DragonFly 1.7, having been first revealed in September 2006, and first released in the stable branch with DragonFly 1.8 in January 2007. The long-term goal, in addition to easing kernel development, is to make it easier to support internet-connected computer clusters without compromising local security. Similar concepts exist in other operating systems as well; in Linux, a similar virtualisation concept is known as user-mode Linux; whereas in NetBSD since the summer of 2007, it has been the initial focus of the rump kernel infrastructure.

References

  1. Landley, Rob (2009-12-16). "Rob's quick and dirty UML howto". Retrieved 2023-08-08.
  2. "Virtual Network User-Mode-Linux". 2012-02-13. Retrieved 2023-08-08.
  3. "Netkit: Features". 2009-12-03. Archived from the original on 2020-05-11. Retrieved 2023-08-08.
  4. Jean-Vincent Loddo; Luca Saiu. "Marionnet: a virtual network laboratory". Retrieved 2023-08-08.
  5. "Cloonix Documentation: v03-04". 2019-06-01. Retrieved 2023-08-08.
  6. "Welcome to GINI! A Toolkit for Constructing User-Level Micro Internets". McGill University. 2009-09-28. Retrieved 2023-08-08.
  7. "UML as a honeypot". 2007-07-13. Retrieved 2023-08-08.
  8. Richard WM Jones (2013-08-11). "Experimental User-Mode Linux backend for libguestfs". Retrieved 2019-08-29.
  9. Dike, Jeff (2006-04-12). User Mode Linux. Prentice Hall. p. 197. ISBN 9780131865051.