{"id":16,"date":"2006-09-13T12:30:31","date_gmt":"2006-09-13T10:30:31","guid":{"rendered":"http:\/\/blogs.igalia.com\/berto\/2006\/09\/13\/user-mode-linux-and-skas0\/"},"modified":"2006-09-13T12:30:31","modified_gmt":"2006-09-13T10:30:31","slug":"user-mode-linux-and-skas0","status":"publish","type":"post","link":"https:\/\/blogs.igalia.com\/berto\/2006\/09\/13\/user-mode-linux-and-skas0\/","title":{"rendered":"User-mode Linux and skas0"},"content":{"rendered":"<p><a href=\"http:\/\/user-mode-linux.sourceforge.net\">User-mode Linux<\/a> (UML) is a port of Linux to its own system call interface. In short, it&#8217;s a system that allows you to run <em>Linux inside Linux<\/em>.<\/p>\n<p>UML is integrated in the standard Linux tree, so it&#8217;s possible to compile a UML kernel from any recent kernel sources (using &#8216;<tt>make ARCH=um<\/tt>&#8217;).<\/p>\n<p>Traditionally, UML had a working mode which was both slow and insecure, as each process inside the UML had write access to the UML kernel data. This mode is known as <em>Tracing Thread<\/em> (tt mode).<\/p>\n<p>A new mode was added in order to solve those issues. It was called skas (for <em>Separate Kernel Address Space<\/em>). Now the UML kernel was totally inaccessible to UML processes, resulting in a far more secure environment. In skas mode the system ran noticeably faster too.<\/p>\n<p>To enable skas mode the host kernel had to be patched. As of September 2006, the latest version of the patch is called skas3. The patch is small but hasn&#8217;t been merged into the standard Linux tree. The official UML site has a <a href=\"http:\/\/user-mode-linux.sourceforge.net\/skas.html\">page about skas mode<\/a> that explains all these issues more thoroughly.<\/p>\n<p>However, by July 2005 a new mode called <em>skas0<\/em> (which, for some reason, isn&#8217;t explained in the above page) was added to UML in Linux 2.6.13. This new mode is very close to skas3: it provides the same security model and most of its speed gains. 
The main difference is that <em>you don&#8217;t need to patch the host kernel<\/em>, so you can use a skas-enabled UML in your Linux system without having to mess with the host kernel. The patch is explained in the 2.6.13 changelog or <a href=\"http:\/\/lwn.net\/Articles\/142494\/\">in this article<\/a>.<\/p>\n<p>A skas0-enabled kernel boots like this:<\/p>\n<pre>\nChecking that ptrace can change system call numbers...OK\nChecking syscall emulation patch for ptrace...OK\nChecking advanced syscall emulation patch for ptrace...OK\nChecking for tmpfs mount on \/dev\/shm...OK\nChecking PROT_EXEC mmap in \/dev\/shm\/...OK\nChecking for the skas3 patch in the host:\n  - \/proc\/mm...not found  \n  - PTRACE_FAULTINFO...not found\n  - PTRACE_LDT...not found\nUML running in SKAS0 mode \n...\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>User-mode Linux (UML) is a port of Linux to its own system call interface. In short, it&#8217;s a system that allows you to run Linux inside Linux. UML is integrated in the standard Linux tree, so it&#8217;s possible to compile a UML kernel from any recent kernel sources (using &#8216;make ARCH=um&#8217;). 
Traditionally, UML had a working [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,9,10,12],"tags":[],"class_list":["post-16","post","type-post","status-publish","format-standard","hentry","category-english","category-gpul","category-igalia","category-free-software"],"_links":{"self":[{"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/posts\/16","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":0,"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.igalia.com\/berto\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}