Hi Amat,

In terms of hostfs, the most secure would be to make sure you compile a
kernel (or obtain one) that doesn't support it.

Though, you can always hack around the problem:
http://user-mode-linux.sourceforge.net/old/hostfs.html

That is, make some empty directory like "/hostfs" then pass

hostfs=/hostfs,append

Experiment with making /hostfs chmod 0000 or chattr +i so that UML
instances cannot do anything with it.

This is a hack at best, so not something you should really do other than
for a quick experiment to get started with UML.

Jay

On 3 April 2011 16:31, Amat I. Cama <a...@ccs.neu.edu> wrote:
> Hey Jay,
>
> That is a pretty good idea. I'll look into it. Now the only thing I have left
> to do is find a way to "disable" hostfs.
> I will ping you if I have any questions.
>
> Thanks,
>
> Amat
> ----- Original Message -----
> From: "Jay Shah" <jay.shah...@gmail.com>
> To: "Amat" <a...@ccs.neu.edu>
> Sent: Saturday, April 2, 2011 9:47:04 AM GMT -04:00 Georgetown
> Subject: Re: [uml-user] UML Host Lockout
>
> Hi Amat,
>
> It sounds like you are doing something like this:
>
> host# ./linux <your params>
>
> ... boot process ...
>
> .. login ..
>
> uml#
>
> and here you have a root shell inside a UML instance. Now you are doing
>
> uml# halt
>
> which is dropping you back to a host# prompt. This is because you
> started the UML process from this prompt, what is actually happening
> is that the `linux' binary that you ran has now exited, so your host
> machine has dropped you back to a root shell.
>
> To test this, I encourage you to telnet or SSH into a UML instance,
> then try typing halt, init 0, kill -9 -1, or any variation of your
> choice and see if you can access the host machine from. You will find
> that from the host perspective, the process terminates and you can no
> longer have any access (your SSH/telnet connection will naturally end and
> cannot be connected to until you restart the `linux` process).
>
> If you do find you can toy with the host machine from inside a UML, do
> let us know with a sample test case, as I'm sure we'd all be most
> interested in how it works.
>
> One other thing to consider is whether the UML kernel you are running
> has features such as hostfs support - where this allows you to mount
> the host's filesystem into your UML. You won't want this if you want to
> encapsulate UML instances completely.
>
> I hope this helps somewhat, let me know if you'd like further clarification.
>
> Thanks,
>
> Jay
>
> On 2 April 2011 05:55, Amat <a...@ccs.neu.edu> wrote:
>> Hey Guys,
>>
>> I have started using UML today and I think it's a great alternative to
>> most virtualization software. But I have a question. Does anyone know if
>> it is possible to lock the vm out of the host? What I mean is that once
>> the vm is booted, it has absolutely no way of going back to the host
>> machine (with commands such as `halt`, `init 0`,...) because I'm
>> planning on using it to set up a lab and access to the host machine
>> should be restricted.
>>
>> Thanks,
>>
>> Amat

_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
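
Added example, not part of the original thread or of the UML project: a shell check for the two options discussed above. It classifies CONFIG_HOSTFS in a kernel config (for instance the output of `./linux --showconfig`) and, when hostfs is compiled in, verifies that the intended hostfs root is still empty before printing the `hostfs=...,append` parameter. The function names, the script name and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a UML kernel config for hostfs support.

# Constructed sample config fragments (not taken from a real kernel build).
SAMPLE_WITH='CONFIG_EXT2_FS=y
CONFIG_HOSTFS=y
CONFIG_PROC_FS=y'
SAMPLE_WITHOUT='CONFIG_EXT2_FS=y
# CONFIG_HOSTFS is not set'

# Classify CONFIG_HOSTFS in a kernel config read from stdin.
# Prints one of: builtin | module | disabled
hostfs_state() {
    awk '
        /^CONFIG_HOSTFS=y/ { s = "builtin" }
        /^CONFIG_HOSTFS=m/ { s = "module" }
        END { print (s == "" ? "disabled" : s) }
    '
}

# Print the boot parameter for the workaround when hostfs is present.
# $1 = state from hostfs_state, $2 = directory meant as the empty hostfs root.
# Returns 1 if the directory is missing or already contains entries, since
# anything in it would be visible to the UML instance.
hostfs_boot_arg() {
    state=$1 dir=$2
    [ "$state" = disabled ] && return 0
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    if [ -n "$(ls -A "$dir")" ]; then
        echo "not empty: $dir" >&2
        return 1
    fi
    printf 'hostfs=%s,append\n' "$dir"
}

# Usage on a host (check_hostfs.sh is a hypothetical file name):
#   ./linux --showconfig | sh check_hostfs.sh /hostfs
# Run this before applying chmod 0000 or chattr +i to the directory.
if [ $# -eq 1 ]; then
    state=$(hostfs_state)
    echo "hostfs: $state"
    hostfs_boot_arg "$state" "$1"
fi
```

A result of "disabled" corresponds to the kernel built without hostfs; "builtin" or "module" means the empty-directory workaround is the only thing between the guest and the host filesystem.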