Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sat, 25 Jan 2003 06:51:32 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sat, 25 Jan 2003 06:51:31 -0500 Received: from ns1.netroute.cz ([212.71.168.2]:48810 "HELO pop3.netroute.cz") by vger.kernel.org with SMTP id ; Sat, 25 Jan 2003 06:51:31 -0500 Date: Sat, 25 Jan 2003 13:00:38 +0100 From: Jan Hudec To: David Wagner Cc: linux-kernel@vger.kernel.org Subject: Re: Simple patches for Linux as a guest OS in a plex86 VM (please consider) Message-ID: <20030125120038.GL693@vagabond> Mail-Followup-To: Jan Hudec , David Wagner , linux-kernel@vger.kernel.org References: <20030124154935.GB20371@elf.ucw.cz> <20030124171415.34636.qmail@web80310.mail.yahoo.com> <20030124180255.GF1099@marowsky-bree.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 25, 2003 at 01:46:56AM +0000, David Wagner wrote: > Lars Marowsky-Bree wrote: > >All alternatives I have seen to UML (plex, vmware, UMLinux) suck IMHO. > > It seems plausible to expect that it might be easier to verify security > in plex86-based approaches than it is to verify security in UML. IIRC plex86 requires quite large module on the host. And I am not sure it's does not have any privilegies. Umlinux requires no or very minimal (thus easy to check for insecurities) patch to kernel and does not need any privilegies (except the helper that sets up networking, but that's pretty minimalistic too). If you properly chroot the umlinux process, it's very secure (the skas mode will only work in chroot once it's made to use syscall). ------------------------------------------------------------------------------- Jan 'Bulb' Hudec - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/