User-mode Linux
User-mode Linux (UML) allows multiple virtual Linux systems (known as guests) to run as an application within a normal Linux system (known as the host). As each guest is just a normal application running as a process in user space, this approach provides the user with a way of running multiple virtual Linux machines on a single piece of hardware, offering excellent security and safety without affecting the host environment's configuration or stability.
Numerous things become possible through the use of UML. One can run network services from a UML environment and remain totally sequestered from the main Linux system in which the UML environment runs. Administrators can use UML to set up honeypots, which allow one to test the security of one's computers or network. UML can serve to test and debug new software without adversely affecting the host system. UML can also be used for teaching and research, providing a realistic networked Linux environment with a high degree of safety.
In UML environments, kernel versions need not match, so it is entirely possible to test a "bleeding edge" version of Linux in user mode on a system running a much older kernel. Another kernel debugging tool is kgdb, which allows single-stepping the Linux kernel. It requires two machines connected with a null modem.
Recently, several web hosting providers have begun offering UML-powered virtual servers for $10 to $20 per month. Each customer has root access on what appears to be their own system, while in reality one physical computer is shared between many people.
The UML guest application (a Linux ELF binary) was originally available as a patch for some kernel versions above 2.2.x, and a host with any kernel version above 2.2.x supported it easily in thread mode (i.e. non-skas3).
As of Linux 2.6.0 it is integrated into the main kernel source tree. A specific patch for the host kernel, called skas3, is now part of the normal 2.6 kernel. This patch improves performance and security: without it, processes running in the UML share the same address space from the host's point of view, so memory inside the UML is not protected by the memory management unit. This means that buggy or malicious software inside a UML running on a non-skas host will be able to modify the memory space of other UML processes or even the UML kernel memory. The skas3 patch works well for 32-bit processors, but 64-bit machines are trickier. Some of the latest developments revolve around a technology called skas0, which should allow reasonable performance on a wide range of processors without kernel patching.
Often cited as a strength of Xen (a competing technology) is support for TLS. This is now also supported in the latest UML kernels. Xen concentrates on virtualising the whole machine, and thus all systems running on a Xen machine are really virtual machines. In UML, the host machine is not virtualised in any way, and only guest systems are true virtual machines.
UML was originally designed for x86 processors, but has also been ported to a few other architectures, including ia64 and PowerPC.