User-Mode Linux Merged Into 2.5 Kernel

An anonymous reader writes "With little fanfare, User-Mode Linux (UML) has been merged into Linus' BitKeeper tree. The merge followed a patch by UML author Jeff Dike, resynching UML with the 2.5.34 development kernel. From the UML homepage, User-Mode Linux provides you with a virtual machine that offers 'a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup.'" There are more UML resources available at the community site.
  • I'd imagine there are a lot of "weekend warriors" who would dabble more, and possibly contribute, but hold back not wanting to screw up their system.

    Maybe linux development will speed up a bit.
  • Good stuff. (Score:5, Interesting)

    by Lukey Boy ( 16717 ) on Thursday September 12, 2002 @08:21PM (#4248687) Homepage
    I recently found a beautiful use for user mode linux - changing distributions with a minimum of downtime.

    I have a RedHat box that's colocated that I wanted to move over to Debian - so I installed UML and loaded Debian onto one partition, got everything set up correctly and told LILO to boot off the new slice. After a few minutes of praying Debian came up running all the correct services.

    Thanks to the UML team!

  • by dboyles ( 65512 ) on Thursday September 12, 2002 @08:22PM (#4248691) Homepage
    User-Mode Linux provides you with a virtual machine that offers 'a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup.'

    Finally, something that will get Linux accepted as a viable desktop operating system for all levels of users!
    • Actually this is just beautiful for network and system developers who don't want to spend money for vmware and others like it. The fact that it will be integrated into the kernel (and hopefully be usefully stable) will make Linux a very serious contender in the heavy duty enterprise level market and be a clear reason to prefer this over a puny Windows server environment or even heavy duty Unix giants. AFAIK no other OS will offer this functionality. I like the joke btw :)
      • AFAIK no other OS will offer this functionality.


        Sorry, no [ibm.com].
        • by jbolden ( 176878 ) on Thursday September 12, 2002 @09:52PM (#4249041) Homepage
          You forget MVS (even better than OS/400) which is based on running multiple virtual OSes of radically different types if needed all under extremely powerful management tools.

          Still I agree 100% with your main point that while this is a big step up for Linux it ain't playing in the same ballpark yet.
          • MVS (which later became OS/390 and z/OS) does not have the ability to run other OSs. VM is the hypervisor that lets you run 'real' OSs such as MVS, CMS, Unix and Linux, using IBM mainframes, like VMware on x86. VM/VMware are something like UML but work at the hardware level and can run virtually any OS for the given hardware, whereas UML obviously is a version of Linux and can only run Linux apps, not OSs.

            VM is very unlike OS/400 - one is a hypervisor, the other is an OS.
            • Agree with the clarification entirely. I used MVS rather than zOS because the point would be obvious (Multiple Versioning System).

              Off topic question: Do you know why IBM changed the name to zOS?

  • Well it does say "run buggy software" :)
  • Honeypot (Score:5, Insightful)

    by GigsVT ( 208848 ) on Thursday September 12, 2002 @08:30PM (#4248718) Journal
    I imagine there are honeypot applications for something like this. You could make a cracker totally believe they had broken in when in reality they are just in a UML.

    For the ultra paranoid you could also make a backup copy of your whole UML partition and only run services in that, periodically restoring it from backup, and copying in the new data that is stored on the real OS. If you got broken into, it wouldn't really matter.
    • Re:Honeypot (Score:4, Interesting)

      by VC ( 89143 ) on Thursday September 12, 2002 @08:44PM (#4248771)
      I just did this like 2 days ago. I'm astounded that UML (bad name IMHO, been used already) is going into the main tree.
      UML is awesome, don't just set up 1 honeypot, set up 5, let the hacker think they've found a whole network..
      I've got my machine (no you can't have the IP ;-) so that ports 22 and 80 go to the *real* linux distro and all other exploitable ports go to my UML machine.
      Except that I've got TCP wrappers set up so that when you connect to my virtual machine, it NMAPs you and logs it all to a file.
      But probably the most fun thing you can do is test things like:

      # rm -rf / ;-)
    • I don't get it (Score:3, Insightful)

      by schlach ( 228441 )
      I imagine there are honeypot applications for something like this. You could make a cracker totally believe they had broken in when in reality they are just in a UML.

      Except for the 0.02% of people out there, and maybe 98% of businesses, that have anything on their computers that's more useful than the computer itself, I don't know why this would make a good honeypot. The cracker won't just think he's broken in... he will have really broken in.

      Not so much a honey-pot as a pot-o-honey...

      The UML website mentions applications as a sandbox, which makes sense, but if you're going to run vulnerable apps to lure hackers (i refuse to mistake hackers and crackers :) and give them unrestricted network access, you might be able to efficiently spy on what they're doing, maybe, but they've *still* taken over your network connection. They can now use it for a DDoS zombie, an IP bounce, or maybe just put some of their own filez on that wu-ftpd server you set up to get knocked over...

      My $0.02
      • Re:I don't get it (Score:5, Informative)

        by pabs ( 1629 ) on Thursday September 12, 2002 @10:27PM (#4249184) Homepage
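        iptables -t filter -N in-throttle    # create the chain before jumping to it
        iptables -t filter -A FORWARD -i tap0 -j in-throttle
        iptables -t filter -A in-throttle -m limit --limit 5000/sec -j RETURN    # under the limit: back to FORWARD
        iptables -t filter -A in-throttle -j DROP    # over the limit: drop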
        Thank you, drive through.
      • Re:I don't get it (Score:2, Informative)

        by GigsVT ( 208848 )
        Honeypots are not for normal businesses to run. They are mostly of interest to security people who want to get insight into the latest tools and exploits.
      • Re:I don't get it (Score:2, Insightful)

        by Anonymous Coward
        but if you're going to run vulnerable apps to lure hackers (i refuse to mistake hackers and crackers :)

        But you just have... Particularly when combined with:

        They can now use it for a DDoS zombie, an IP bounce, or maybe just put some of their own filez on that wu-ftpd server you set up to get knocked over...

        Learn

      • Consider a firewall where the only IP layer things that are seen are actually coming from instances of UML.
        The host kernel is just running bridging (and filtering, of course), and doesn't even have an IP of its own.

        So your NAT device is actually a UML instance.
        So they manage to get root on it.. even so, the traffic to it is filtered at a layer they cannot even see. They just can't get there from, well, there.

    • Re:Honeypot (Score:3, Interesting)

      I've done the Honeypot from home, but filled mine with killer bees instead. I used vmware to set up a honeypot machine running linux with a nice little samba server setup, and semilocked down. It was, however, filled with hundreds of programs and bullsnot documents all infected with one or more windows or dos viruses. I actually had someone email me and complain that my web server was virus infected and that it had caused major problems on their network when an employee of theirs had visited my website. They were threatening legal action and such. I replied to them that I didn't run a web server and that someone from their IP had hacked my machine. Several days later I got an apologetic email that also said the offending employee was no longer in their employ. I love my honeypot!

      "Get Moose and Squirrel!"
  • Any person who likes to poke around with linux knows how eternally annoying it is to crash your main box. For this reason, I had set up a 486 for "poking". We all know how much we love to poke around on THE WORLD'S SLOWEST MACHINE!!!!

    UML is something that I hadn't heard about, prolly because I haven't kept up, but this sounds freaking awesome!
  • Any word on how UML compares to the FreeBSD emulation [freebsd.org] of Linux? I've heard claims that FreeBSD can run Linux binaries faster than Linux, so it would be interesting for a one-on-one comparison of User-Mode Linux and FreeBSD Linux emulation.
    • They are entirely different things. FreeBSD's emulation does translation of the system calls into the corresponding FreeBSD ones; UML is a full Linux kernel running in user space.
    • by Anonymous Coward on Thursday September 12, 2002 @09:07PM (#4248845)
      Comparing UML to FreeBSD's API redirector (usually misnamed "Linux emulation") is like comparing Windows running in VMware to WINE. VMWare runs the true full blown MS-Windows while WINE redirects the calls to appropriate native calls/code. Likewise, UML runs the true full blown Linux kernel while FreeBSD just redirects the calls to native calls/code.

      UML adds more layers before a system call makes it to the hardware than simple API redirection. For example, for a program running in UML to read from the CD-ROM, the real kernel only provides access to the block device and the UML kernel translates the block device/ISO9660 accordingly for the file access calls. In UML, reading of the structures as following ISO9660 is done in *user space*. FreeBSD's API redirector breaks the block device structures from ISO9660 to appropriate formats for file system calls all in the FreeBSD kernel. FreeBSD's Linux "emulator" does not achieve the same redefinition of what occurs in user space as opposed to kernel space at all. If FreeBSD can't run Linux binaries faster than UML then something is very wrong. However, it would be interesting to see if FreeBSD's API redirector could run UML and see if UML runs faster on top of FreeBSD or on top of Linux.
  • by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Thursday September 12, 2002 @08:43PM (#4248768) Homepage
    Every time I've seen UML mentioned, it's in reference to kernel programming/X programming/programming in general/software testing/etc. I understand how it would be incredibly useful in these circumstances. But my question to you guys is this: how would it benefit Joe User to have this installed if he just surfs the web, does e-mail, plays games, GIMPs, etc? Other than just another layer of crash protection, what good is this to the masses?
    • by aardvarkjoe ( 156801 ) on Thursday September 12, 2002 @08:51PM (#4248794)
      The "good for the masses" part is that more people will be able to work on / test / debug new linux kernels, so that Joe User will end up with a more stable system. As far as Joe User who doesn't know what a kernel is, I doubt that there's much of a reason for him to be using it.
    • by kgasso ( 60204 ) <<kgasso> <at> <blort.org>> on Thursday September 12, 2002 @08:52PM (#4248802) Homepage
      In our office (Wholesale/Virtual ISP), we've been experimenting with UML for a while as a decent alternative to trying to virtualize every service and allowing some of our reselling ISPs to have their own username space - something I don't even want to attempt with Apache and most FTP servers.

      So far it's been fairly stable, after working out a few quirks. Definitely worth the trouble of getting everything set up. Makes backups on the UML servers stupidly-simple too.

      Congrats to the UML developers on clearing this hurdle, and here's to hoping it betters future development on the project!
    • It's good for setting up a secure box at home which has most services running in different loopback devices of UML and minimal firewalling functions running natively.

      It's exactly like a honeypot project, except that you are not going to invite people to hack. :)

      I was going to write a howto for it but since it's a duplicate effort of honeypot project. You may refer to it. It's really useful when you couldn't afford to spare an extra box for your firewall.
    • Um, who cares? Not everything has to help the masses. Some stuff is by hackers for hackers.
    • Aside from the fact that not everything has to be for the masses, there are lots of sandboxing applications that the masses could use -- not just a layer of crash-protection (which shouldn't be needed if the regular kernel does its job), but as a way of protecting against malicious/trojan software. For instance, worried that the latest version of windows media player is going to send information about your computer to MS? Run it in a user-mode sandbox that can't access any of your files, and can only use the network to grab your MPEGs. Someone send you a cool program that might have a virus or trojan? Your mail client could just run it in a UML sandbox. No more telling people "don't click on .exe files!"

      Of course, the options above are much more useful in Windows than Linux, since Linux doesn't have much in the way of viruses, trojans, or spyware, but if it becomes more popular on the desktop, all those nasty things will come in full force, and we will be ready.

      Another sandboxing application that Joe User might be interested in is for servers. Lots of people like to set up personal web servers for one reason or another, and this is frequently a big security risk. But if he can install it in UML (or preferably download a pre-made UML image with the web server installed) the rest of his computer will be pretty safe.

      Another security possibility is for a personal firewall. If you ran your whole system in UML, and ran nothing but a firewall on the "real" machine, you could get many of the advantages of a firewall without a second computer. This is probably not particularly attractive, since you don't really need the firewall to be separate from the workstation, but it is a possibility.

      I personally would love to see UML ported to Windows as a way to run Linux apps under Windows.
      • From what I've heard, some Linux distros aiming for the clueless-users market are implementing this sandbox mode with Wine to allow you to do things like open email attachments without hosing your other emulated programs.

        The idea is that you install a bunch of applications and with each one, tell the system if it's a component of (ie, should share the filesystem and permissions of) another program, related to it (in which case they need one- or two-way access to the files of the other, though possibly read-only) or completely unrelated, where they can "scan the whole system" and not see each other. (Of course, the whole system would appear to be an empty windows install until you set otherwise.)

        This way your virtual copy of Outlook (needed for calendaring in your company) would think it was the only thing installed, but your other apps could see Outlook's files, though in read-only mode to allow for importing of mail, or what-now. If you clicked on an email attachment it'd default to running it in a separate filesystem unless told otherwise. If it's an .exe of the dancing baby, no harm done. If it's a virus, again, no harm done. (The exception being JS viruses where Outlook doesn't actually run an exe, where it is the security hole itself.)

        With a system of hard-links you could make a "windows install" that you could have tons of copies of without taking more room, except for files modified by the program running in that particular partition.

        This would also work in VMWare, if you could make it run from a Linux filesystem, but the overhead of running a new VM for each program is overkill.
    • Who cares. The very reason we run Linux is because you can do stuff that will never make it into a consumer OS.
  • Limitations (Score:3, Interesting)

    by deepchasm ( 522082 ) on Thursday September 12, 2002 @08:45PM (#4248779)

    a safe, secure way of running Linux versions and Linux processes

    Well, yes it is, but if you want to take advantage of the security, and debug processes in depth, then you might have some problems.

    Many of you will probably remember the Reverse Challenge [honeynet.org]. One evening I downloaded the malicious binary, and decided that UML would be ideal to try running it in a tightly controlled environment - using fenris [bindview.com] to trace its execution and learn more about it.

    Unfortunately, fenris doesn't work under UML (neither does strace if I remember correctly).

    Shame. It's a lot cheaper than VMWare!

    • Re:Limitations (Score:3, Informative)

      by Tom ( 822 )
      strace runs just fine.

      I wanted to attach a few lines as proof here, but /. "junk filter" doesn't let me, no matter how much I try. Sorry, you'll have to verify for yourself.

  • UML is just so versatile. It works nicely as a honeypot. It can be used to partition one machine into several for webhosting providers to let customers run what they want. It goes one step beyond chroot for running daemons you need but don't particularly trust. It lets you safely try distributions you haven't used before or design new ones.

    So, cool to see it gets the official seal of approval.

  • So hot right now. Linux.
  • by pschmied ( 5648 ) on Thursday September 12, 2002 @08:54PM (#4248807) Homepage
    I know that FreeBSD's jail allows for some level of virtualization. My question is, how technically does this differ from the jail mechanism or does it?

    As a side note this sounds like a really cool idea, especially if you could virtualize multiple instances.

    -Peter
  • Imagine... (Score:5, Funny)

    by stor ( 146442 ) on Thursday September 12, 2002 @09:01PM (#4248830)
    A Beowu*smack* ow.

    Cheers
    Stor
  • by WindowsTroll ( 243509 ) on Thursday September 12, 2002 @09:11PM (#4248858) Homepage
    The use of TLA's (Three Letter Acronyms) has become so rampant that it is hard to find things which aren't referred to by their TLA. In many cases, the same TLA has more than one meaning, so the users of the acronym are able to keep the context straight. In this case, where the software sector has a standard definition of UML, reusing the acronym will only spread confusion.

    If I were to create a software application called Great New Utility and referred to it as GNU, people would rightly be upset at me for trying to usurp an already common use of an acronym. In this case, I would probably be violating a trademark. The acronym of UML is already trademarked by Object Management Group, and has a common and well known usage.
    • by Anonymous Coward
      The problem you are referring to is otherwise known as TOS: "TLA Overload Syndrome". Yes, a TLA which includes a TLA.

      Appropriately enough, TOS can also mean "Transfer Orbit Stage" amongst a host of other things.

    • by Anonymous Coward
      By calling it "User-Mode GNU/Linux" you get a four-letter-acronym ("UMGL") which does not spread confusion.
    • > In many cases, the same TLA has more than one
      > meaning, so the users of the acronym are able to
      > keep the context straight.

      Hear, hear! People should really make more judicious use of ETLAs instead.

      Matt
    • GNU/GNU, sounds good to me!
    • In this case, where the software sector has a standard definition of UML, reusing the acronym will only spread confusion

      Why? I haven't seen the Unified Modeling Language used much in the OpenSource environments where UML will be used, and outside those environments, User Mode Linux will probably have to be written out (and probably explained) to have any meaning, whether or not UML is used there or not. There's a programming language named Icon; I don't see hordes of confusion over that.
      • haven't seen the Unified Modeling Language used much in the OpenSource environments where UML will be used

        In some ways, that's a pretty severe indictment of Open Source. UML is about software analysis and design. Most Open Source projects, sadly, do not design their software, but start coding from minute one. There are exceptions though, but by and large most Open Source hackers don't have the patience to design their software (or validate it, or write documentation, or do usability studies, yada, yada, yada).

        To be fair, a heck of a lot of closed source software isn't designed either.
        • haven't seen the Unified Modeling Language used much in the OpenSource environments where UML will be used

          In some ways, that's a pretty severe indictment of Open Source. UML is about software analysis and design.

          You don't quite come out and say it, but I'm getting the impression of

          OpenSource doesn't use UML.
          UML is about software analysis and design.
          Therefore, OpenSource doesn't do software analysis and design.

          That is to say, UML is not the only way to do software analysis and design. Bertrand Meyer has thrashed UML pretty hard: So, although UML will be successful at first, because it has the right endorsements, it will be of little use to the actual process of developing software. [inf.ethz.ch] (Unfortunately, I can't find the article where he let loose with both barrels.)

          most Open Source hackers don't have the patience to design their software

          Or the knowledge - I don't remember anything in any of my compsci classes about designing software. Open Source ad-hoc design, build, and redesign and rebuild seems to have worked pretty well in some cases.

          or validate it

          Money, perhaps? Spending several thousand dollars for a validation kit that I can only use on my machine is quite pricy.

          or write documentation, or do usability studies

          Serious user documentation in the commercial world is done by writers, not programmers. You can't expect people whose skills are programming to do everything.
        • In some ways, that's a pretty severe indictment of Open Source. UML is about software analysis and design. Most Open Source projects, sadly, do not design their software, but start coding from minute one.

          UML is hardly a necessary tool for designing software. In fact, if the task is simple enough source code can be the best design document. People that are too closed minded to consider more than one solution to a problem make poor software developers.

          most Open Source hackers don't have the patience to design their software (or validate it, or write documentation, or do usability studies

          You unfairly limit this to Open Source developers. Closed source developers are just as lazy if not more, and typically the only reason such a programmer will think out a design before starting or write complete documentation is because it's company policy.
          • UML is hardly a necessary tool for designing software.

            No, it's not necessary. But it is common enough that Open Source developers should think UML == "Unified Modelling Language", instead of "User-Mode Linux". I may not need blueprints to build a house, but I should still know how to read them.
    • Since I don't do things that involve those kinds of higher level languages, my first encounter with "UML" actually was "User Mode Linux". So when I see "UML" that's what I think of. In fact it took a while for me to figure out why all those developers seemed to be interested in using User Mode Linux.

      I propose we adopt a new meaning for "UML" as "Ubiquitous Mysterious Logic" or "Ugly Men Lurking".

    • VLM - Virtual Linux Machine?
      UMK - User Mode Kernel?
      LUM - Linux User Mode?
      LVM - Linux Virtual Machine?
      PUL - Partitioned User Linux?
      LUK = Linux User Kernel? (pronounced Luck!)

      Whatever. I do think a new acronym should be found for this.

      • BTW, LVM is already taken, it's "Logical Volume Manager", used for managing big hard drives, resizing partitions, and stuff like that.

        VLM for Virtual Linux Machine would have been good, but too late now I think. Oh well.

  • Somehow, this seems similar to what the Hurd is supposed to do. Someone wiser want to clear this up?
  • "User-Mode Linux provides you with a virtual machine that offers 'a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup."

    Man! That's just some cool shit!
  • Could this be used ala the NT hardware abstraction layer? Specifically, could this be used to keep nasty drivers from hosing your system? I know that typically a bad module is likely just going to not load, spitting out unresolved symbols, causing no real harm, but there may be cases where third party drivers may properly load, but end up causing nasty problems.
  • If someone would finish a Win32 port of UML, I could ditch VMWare.
  • by tshak ( 173364 ) on Thursday September 12, 2002 @09:45PM (#4249002) Homepage
    One of the great things about UML - unlike a lot of other OSS projects - is that it's very well documented. Thanks to the UML diagrams on UML, there is no confusion as to what UML is or what it does.
  • by jelle ( 14827 ) on Thursday September 12, 2002 @09:58PM (#4249070) Homepage
    Somebody has to mention the Virtual Private Servers (vservers) and security contexts (ctx) patch [solucorp.qc.ca], which takes chroot(), and adds the good stuff from jail() and more to make completely separated contexts for process groups, without the overhead of another kernel.

    I've been running Debian 2.2r7 and RedHat7.2 in parallel with Debian/Woody on the same box for months now with this patch.
  • ... with one small difference, of course: WTM isn't safe. :)
  • It's actually a thought I had earlier today. Imagine you're a small place with a few servers (but they're rackmount with hot-swap drives). All of a sudden, the motherboard on one bites the dust. No worries, slap the drives in another server, and...well, some creative planning would be required to get the working server hosting the stuff on the dead server. UML would certainly make this process much easier and doubtless quicker. You'd have two servers running a bit slower, but that sure beats one server not running at all.
    • I'm not so sure. If your motherboard bites the dust, I'd think the parent Linux kernel is the one likely to crash and burn, since it's the one directly touching the hardware.
    • Think a little more general: Some pool "N" of UML instances running on a smaller or same-sized pool "M" of physical machines. If you could migrate a UML from machine to machine, you'd be all set. You could even load-balance, so that "M" could be noticeably smaller than "N". You could also change "M" on the fly, say, for maintenance purposes (eg. backups).

      --Joe
  • by Perdo ( 151843 ) on Thursday September 12, 2002 @10:41PM (#4249241) Homepage Journal
    To keep those little brilliant (bastard) children from wrecking your shiny new Linux lab.
  • So now, the little upstart "toy" operating system fully supports POSIX, full VM capabilities, and happily runs with some serious equipment [slashdot.org] and yet it also runs smoothly on [slashdot.org] small, dedicated devices.

    With each day that goes by, it seems that the folks in Redmond [microsoft.com] have a deeper hole to dig their way out of...
  • UML Windows port? (Score:2, Insightful)

    by Nicopa ( 87617 )
    Now we need somebody porting UML to run under Windows, perhaps using cygwin. Then we could have easy "try-linux.exe" for windows users.. :)
  • This is an absolutely amazing thing. I'll be downloading the latest kernel tonight. I've been wanting to try out UML and now I can do so a lot easier.

    There have been a lot of comments about UML and the other meanings of the TLA. Well, we're going to run out eventually, what then? It's all in context.

    Also, other comments mention this will bring in new kernel developers. Well, that's right because I'll be working on some ideas very soon!
  • Synopsis. (Score:3, Interesting)

    by mindstrm ( 20013 ) on Friday September 13, 2002 @12:16AM (#4249535)
    The news here is that it is merged into 2.5

    UML is not new, though this will certainly make things better.

    Just think of the neat firewalling you can do.
    Run your DNS servers inside a UML session, with traffic to them filtered by firewalling on the host... even if someone breaches BIND, they are stuck in a machine, can't go anywhere, because all traffic to that machine is filtered.

    Virtual linux machines for each service that is not performance critical.
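
The host-side filtering described in the comment above, combined with the tap0 rate limit posted earlier in the thread, as an added example that is not code from any poster here. The guest address 192.0.2.53, the chain names uml-in and uml-out, an empty FORWARD chain and an authoritative-only DNS server that never needs to open connections itself are all assumptions.

```shell
#!/bin/sh
# Added example: host-side iptables rules that contain one UML guest.
# From the thread: the tap0 interface and the 5000/sec limit.
# Constructed for illustration: guest address 192.0.2.53, chains uml-in/uml-out.

# Print the rules instead of running them, so they can be reviewed first.
uml_dns_rules() {
    u_tap=$1 u_guest=$2 u_rate=$3
    # The output is later fed to a root shell, so accept only a plain
    # interface name, a dotted-quad address and an integer rate.
    case $u_tap in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case $u_guest in ''|*[!0-9.]*) echo "bad guest address" >&2; return 1 ;; esac
    case $u_rate in ''|*[!0-9]*) echo "bad rate" >&2; return 1 ;; esac
    cat <<EOF
# Chains must exist before anything jumps to them.
iptables -N uml-in
iptables -N uml-out
# Everything routed to or from the guest's tap device goes through the chains.
iptables -A FORWARD -o $u_tap -j uml-in
iptables -A FORWARD -i $u_tap -j uml-out
# Guest-to-host traffic traverses INPUT, not FORWARD: close that path too.
iptables -A INPUT -i $u_tap -j DROP
# Inbound: only DNS to the guest's address, nothing else.
iptables -A uml-in -d $u_guest -p udp --dport 53 -j ACCEPT
iptables -A uml-in -d $u_guest -p tcp --dport 53 -j ACCEPT
iptables -A uml-in -j DROP
# Outbound: no spoofed sources, replies only, and only up to the rate limit.
iptables -A uml-out ! -s $u_guest -j DROP
iptables -A uml-out -m conntrack --ctstate ESTABLISHED -m limit --limit $u_rate/sec -j ACCEPT
# Anything the guest initiates, or sends over the limit, is logged and dropped.
iptables -A uml-out -m limit --limit 6/min -j LOG --log-prefix "uml-out drop: "
iptables -A uml-out -j DROP
EOF
}

# Apply the reviewed rules (needs root); stops at the first failing command.
uml_dns_apply() {
    u_rules=$(uml_dns_rules "$@") || return 1
    printf '%s\n' "$u_rules" | sh -e
}

# Dry run with the constructed sample values.
uml_dns_rules tap0 192.0.2.53 5000
```

The final DROP in each chain is what makes the limit and the port filter effective: a user-defined chain that ends without a verdict simply returns to the chain that called it.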

  • SMP (Score:2, Interesting)

    by binney ( 253074 )
    UML can emulate an SMP machine. It could be used for benchmarking multi-threaded code and teaching SMP programming without having to fork out big $$$ for SMP machines.
  • I've been fooling with UML as a potential container for grid computing applications..

    Think about it - they get full ring3 native assembler optimization for the computation (none of this Java/emulation stuff) and only encounter a minor penalty when they need to talk to the net or a "disk" - virtual or no. And, with iptables on the real kernel one can set up arbitrary network access rules for the UML world. And since the disks are just files or real disks, you have near-perfect control there too. The only thing I can think of not working is device driver modules like NVdriver... but that shouldn't be a terribly big drawback.

    Sorry if that's incoherent, it's 4:00 here and I'm really really tired.

    --Knots;
  • I don't get it. (Score:3, Interesting)

    by LordNimon ( 85072 ) on Friday September 13, 2002 @01:56PM (#4252783)
    I've read the web site, but I still don't really understand what UML is. How is it different from something like VMWare?
    • Re:I don't get it. (Score:2, Informative)

      by psamuels ( 64397 )
      How is it different from something like VMWare?

      Well ... it's free.

      Seriously, VMware lets you run a regular OS on emulated hardware. UML lets you run an emulation OS on real hardware. Both run on top of a standard OS (with real hardware).

      VMware is not itself an OS - it provides a virtual PC which your regular OS thinks it owns. UML is an OS, which knows full well it does not own any hardware. The processes running under UML do not necessarily know that, though, since UML provides a near-standard environment.

      (Related point: for those of you who think you're going to set up a honeypot that the cracker will break into and think he 0wns the bare metal - keep in mind that UML was not really designed to hide its own nature, so it's not hard to check for. And if you crack root in the UML, it's possible to get out of it. So if you're using UML for security reasons, you probably should run it in its own chroot.)
