{"id":14,"date":"2006-03-20T02:46:04","date_gmt":"2006-03-20T01:46:04","guid":{"rendered":"http:\/\/blogs.igalia.com\/eocanha\/?p=14"},"modified":"2015-11-08T00:21:18","modified_gmt":"2015-11-07T23:21:18","slug":"making-usermode-linux-work","status":"publish","type":"post","link":"https:\/\/eocanha.org\/blog\/2006\/03\/20\/making-usermode-linux-work\/","title":{"rendered":"Making usermode linux work"},"content":{"rendered":"<p>During this month I&#8217;ve been using my spare time to update my Linux system administration knowledge, which was a bit outdated. One of the basic things I couldn&#8217;t live without anymore was <em>usermode linux<\/em>, so I put myself to work and decided to learn about it.<\/p>\n<p>Next, I&#8217;m going to explain the steps taken to get usermode linux working for me. At the end, you will find internet references that will help you in the process.<!--more--><\/p>\n<p><strong>First step: understanding the concepts<\/strong><\/p>\n<p>Usermode linux is just a Linux kernel that runs on top of software kernel calls from the host system to perform its tasks, instead of on top of real hardware.<\/p>\n<p><strong>Compiling the kernel for the UM architecture<\/strong><\/p>\n<p>As explained in GULIC [1], you have to compile the kernel for a special &#8220;usermode&#8221; architecture (um), instead of for i386:<br \/>\n<code><br \/>\ncd \/usr\/src\/linux-source-2.6.11<br \/>\nmake-kpkg clean<br \/>\nmake mrproper ARCH=um<br \/>\nmake menuconfig ARCH=um<br \/>\n<\/code><br \/>\nYou won&#8217;t see the usual config options. Some of the options shown are specific to the UML architecture. 
Take care when configuring these options (it&#8217;s recommended not to compile them as modules):<\/p>\n<ul>\n<li>Character Devices: virtual serial line, pty, tty and xterm channel, UML watchdog and Sound support.<\/li>\n<li>Block Devices: Virtual block device (important).<\/li>\n<li>UML network devices: virtual network device, ethertap and tun\/tap.<\/li>\n<li>Networking support: networking options &gt; (iptables, tunnelling, etc), network device support &gt; universal tun\/tap.<\/li>\n<li>File systems: keep the ones you will use (ext2, ext3 for example) and Pseudo filesystems &gt; (proc, sys, dev, pts, shm, tmpfs).<\/li>\n<li>Cryptographic options: only if we use cryptoloop or ipsec.<\/li>\n<\/ul>\n<p>You can try the <a id=\"p15\" href=\"http:\/\/blogs.igalia.com\/eocanha\/files\/config.gz\">&#8220;.config&#8221; for 2.6.11 Kernel \/ UML architecture<\/a> that I&#8217;ve used for my tests.<\/p>\n<p>Once configured, you can compile the kernel and generate a Debian package:<br \/>\n<code><br \/>\nmake-kpkg --arch=um --revision Usermodelinux.1.0 kernel_image<br \/>\ndpkg -i \/usr\/src\/kernel-uml-2.6.11_Usermodelinux.1.0_i386.deb<br \/>\n<\/code><\/p>\n<p><strong>The bootstrap system<\/strong><\/p>\n<p>This package installs usermode linux as an executable called linux-2.6.11, which can be run directly. But before that, following the instructions from [2], we must create a filesystem and install a bootstrap (basic) Debian system into it for the UML to run on:<br \/>\n<code><br \/>\ndd if=\/dev\/zero of=umlfs bs=1 count=0 seek=2G<br \/>\nmkfs -t ext3 -F umlfs<br \/>\nmkdir rootdir<br \/>\nmount -o loop,rw umlfs rootdir<br \/>\ndebootstrap sarge rootdir<br \/>\numount umlfs<br \/>\n<\/code><\/p>\n<p><strong>First test<\/strong><\/p>\n<p>We can now boot the system we have so far, just as a test. 
As a user, we run:<br \/>\n<code><br \/>\nlinux-2.6.11 ubd0=umlfs<br \/>\n<\/code><br \/>\nAnd we will see the system booting and all the virtual consoles in 6 xterms. Use one of them to log in as root (no password needed) and you&#8217;re in.<\/p>\n<p>One of the first things that you should do is to edit \/etc\/inittab and comment out the lines that spawn the unneeded virtual consoles:<br \/>\n<code><br \/>\n1:2345:respawn:\/sbin\/getty 38400 tty1<br \/>\n#2:23:respawn:\/sbin\/getty 38400 tty2<br \/>\n#3:23:respawn:\/sbin\/getty 38400 tty3<br \/>\n#4:23:respawn:\/sbin\/getty 38400 tty4<br \/>\n#5:23:respawn:\/sbin\/getty 38400 tty5<br \/>\n#6:23:respawn:\/sbin\/getty 38400 tty6<br \/>\n<\/code><br \/>\nTo shut down the system, simply run &#8220;shutdown -h now&#8221; and that&#8217;s it. If you don&#8217;t switch off the system this way, the UML can hang and you will have to kill all the linux-2.6.11 processes by hand. You can find more details at [3].<\/p>\n<p><strong>Setting up the network<\/strong><\/p>\n<p>There are several ways in which the UML can communicate with the host and with the external world. The best way, from a network security point of view, is to use a tap device. A tap device is a network device that links a real network device (tap0) to a user process, like the UML.<\/p>\n<p>The following image shows the way UML will work using the tap device:<\/p>\n<p><img alt=\"Network diagram\" src=\"\/blog\/wp-content\/uploads\/2006\/03\/uml_net1.png\" \/><\/p>\n<p>The first step is to create the tap device on the host and allow the end user (enrique) to use it. It&#8217;s a persistent device, so this only needs to be done the first time:<br \/>\n<code><br \/>\ntunctl -u enrique<br \/>\nchown enrique \/dev\/net\/tun<br \/>\n# Also: chmod 666 \/dev\/net\/tun<br \/>\n# but I think that the one above is more secure<br \/>\n<\/code><br \/>\nThis will create the tap0 device. 
Now it&#8217;s time to configure it in the host&#8217;s \/etc\/network\/interfaces:<br \/>\n<code><br \/>\niface tap0 inet static<br \/>\naddress 192.168.3.10<br \/>\nnetmask 255.255.255.0<br \/>\nbroadcast 192.168.3.255<br \/>\n<\/code><br \/>\nAnd bring up the interface: &#8220;ifup tap0&#8221;. Now it&#8217;s time to boot the UML with networking capabilities (as enrique):<br \/>\n<code><br \/>\nlinux-2.6.11 ubd0=umlfs eth0=tuntap,tap0<br \/>\n<\/code><br \/>\nThe UML has to be configured in order to use that network. Add this to the \/etc\/network\/interfaces on the UML:<br \/>\n<code><br \/>\nauto eth0<br \/>\niface eth0 inet static<br \/>\naddress 192.168.3.1<br \/>\nnetmask 255.255.255.0<br \/>\ngateway 192.168.3.10<br \/>\n<\/code><br \/>\nAnd start the network with &#8220;ifup eth0&#8221;. The UML should be able to ping the tap interface of the host (192.168.3.10), and the host should be able to ping the UML (192.168.3.1). But the UML can&#8217;t access the outer network (192.168.2.0). We must apply some configuration on the host:<br \/>\n<code><br \/>\necho 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward<br \/>\nexport EXTERNAL_HOST_IP=192.168.2.74<br \/>\niptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $EXTERNAL_HOST_IP<br \/>\n<\/code><\/p>\n<p>Finally, it&#8217;s also recommended to add to the UML \/etc\/resolv.conf the same DNS server configured on the host.<\/p>\n<p>For the repetitive task of creating the tap interface, bringing it up and applying the routing rules, I&#8217;ve written a <a id=\"p17\" href=\"\/blog\/wp-content\/uploads\/2006\/03\/uml_net1_up.sh.gz\">script to set up the host network for a UML environment<\/a>, which should be run as root. 
You can find more info about network configuration at [4].<\/p>\n<p><strong>External resources<\/strong><\/p>\n<p>[1] http:\/\/drupal.gulic.org\/node\/520<br \/>\n[2] http:\/\/linuxencaja.symbiosis.com.co\/cgi-bin\/svnwiki\/default\/instalando%20debian%20en%20user%20mode%20linux#Obteniendo%20el%20sistema%20base%20de%20Debian<br \/>\n[3] https:\/\/www.linux-magazine.es\/issue\/07\/UML.pdf<br \/>\n[4] http:\/\/user-mode-linux.sourceforge.net\/UserModeLinux-HOWTO-6.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>During this month I&#8217;ve been using my spare time to update my Linux system administration knowledge, which was a bit outdated. One of the basic things I couldn&#8217;t live without anymore was usermode linux, so I put myself to work and decided to learn about it. Next, I&#8217;m going to explain the steps taken to &hellip; <a href=\"https:\/\/eocanha.org\/blog\/2006\/03\/20\/making-usermode-linux-work\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Making usermode linux 
work<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts\/14"}],"collection":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/comments?post=14"}],"version-history":[{"count":1,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts\/14\/revisions"}],"predecessor-version":[{"id":465,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/posts\/14\/revisions\/465"}],"wp:attachment":[{"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/media?parent=14"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/categories?post=14"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eocanha.org\/blog\/wp-json\/wp\/v2\/tags?post=14"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}