Re: uml-patch-2.5.49-1

Patrick Finnegan (pat@purdueriots.com)
Tue, 26 Nov 2002 02:02:50 -0500 (EST)


On Tue, 26 Nov 2002, Andi Kleen wrote:

> > One reason I can think of is that it prevents 'stupid things' happening
> > under a copy of UML from killing the OS UML is running under... Eg. if a
> > process is running under UML because it's not trusted and then turns into
> > a forkbomb, you don't want that taking down the host OS.
>
> You could limit that with an appropiate ulimit.
>
> Also a 'mm-bomb' could be similarly deadly without appropiate host limits.

That's just one example... the idea is that you want maximal separation
between the guest OS's apps and the host OS. Sort of like "VM" on IBM's
series of mainframe architecures. Of course, that's virtualization done
in hardware not in software, but the principles are the same; you want a
maximal amount of separation between the layers.

Pat

--
Purdue Universtiy ITAP/RCS
Information Technology at Purdue
Research Computing and Storage
http://www-rcd.cc.purdue.edu

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/