dike.book page 313 monday, march 6, 2006 6:50...
Post on 25-May-2018
313
I N D E X
A
-a option
    for cp, 69
    for ifconfig, 56, 124
    for uname, 168
Access control lists (ACLs), 95
Address Resolution Protocol (ARP)
    for Ethernet, 11, 58
    for host setup, 89
Address space manipulation, 199
Addresses. See IP addresses; MAC addresses
Administration in captive UML, 287–289
Administrators, console access by, 224–225
aio_abi.h file, 249
AIO facility, 192–193
aio option, 304
allmodconfig configurator, 239
allnoconfig configurator, 239
Always disallow TCP connections to X server option, 96
anon driver, 227–228
Apache servers, 94
append switch for hostfs, 215–216
Application administration in captive UML, 287–289
Application-level clustering, 289–294
Application programming interface in captive UML, 289
ARCH, 239
ARP (Address Resolution Protocol)
    for Ethernet, 11, 58
    for host setup, 89
arp command
    for network interfaces, 255–257
    for TUN/TAP, 127–128, 131
Attacks
    humfs for, 216
    packet faking, 122–123
    with TUN/TAP, 130
Audio pass-through driver, 301
Authentication
    in captive UML, 288
    in MConsole requests, 185
Authorization
    in captive UML, 288
    in host setup, 95
    in MConsole requests, 185

B
b command in sysrq, 173
-b switch
    for tunctl, 124, 311
    for uml_moo, 71, 308
Backing files
    COW, 62–65
    merging with, 70–71
    moving, 69–70
Backups
    COW files for, 64
    for filesystems, 116–117
bash command, 57
Bind mounts, 214–215
Block devices
    configuring, 170, 303
    pluggable, 87
    using and abusing, 83–87
Block drivers, 23–25
Booting
    clusters, 268–272
    from COW files, 67–68
    first time, 20–24
    successful, 24–28
Bottlenecks, 203, 208
brctl utility, 137–138
Breakpoints, 178
bridge-utilities package, 137
Bridging
    security in, 140
    setting up, 136–139
Dike.book Page 313 Monday, March 6, 2006 6:50 PM
Broadcast domains for host setup, 89
BSD jail, 2
Buffered I/O, 194
Bug fixes, 234
Bug-tracking system, 287
Builds, 249–250
BusyBox project, 10
bzip files, 87

C
-c switch for ubd, 303
Cached data, 115
cad command, 310
CAP_SYS_RAW, 213
Capabilities, permissions for, 213
Captive UML, 283
    application administration, 287–289
    application-level clustering, 289–294
    Evolution, 286–287
    secure mod_perl, 283–285
    standard application programming interface, 289
Carvalho de Melo, Arnaldo, 7
chroot technology, 2, 71, 216–217, 220–221
CKRM (class-based linux Kernel Resource Management), 297
Clock
    real-time, 245–246
    synchronizing, 28
close calls, 113
cluster.conf file, 267–269
Clusters, 265–268
    application-level, 289–294
    available, 273
    booting, 268–272
    exercises, 272–273
CMDLINE_ON_HOST option, 241–242
Code pages, 201
Collaboration, clustering for, 292–293
Command-line options, 301
    debugging, 303–304
    device and hardware specifications, 301–303
    informational, 305
    management, 304–305
Commands, running within instances, 180–182
Compartmentalization, 297–298
Compiling, 233–234
    builds, 249–250
    configuration interfaces, 235–240
    configuration options
        console, 248
        debugging, 249
        execution mode-specific, 240–243
        generic, 243–246
        networking, 247–248
        virtual hardware, 246–247
    source downloading for, 234–235
CON_CHAN option, 248
CON_ZERO_CHAN option, 248
config command
    for devices, 169
    process context for, 186
    in uml_mconsole, 310
config configurator, 237–238
CONFIG_EXTERNFS option, 213–214
CONFIG_HOSTFS option, 213–214
CONFIG_IP_MROUTE option, 152
CONFIG_IP_MULTICAST option, 152
CONFIG_MAGIC_SYSRQ option, 172
CONFIG_MODE_SKAS option, 199
CONFIG_MODE_TT option, 199–200, 218
CONFIG_STATIC_LINK option, 218
configfs filesystem, 266
"connection refused" message, 96
Connectivity with TUN/TAP devices, 125–129
Consistency problem, 115
Consoles, 40–47
    configuring, 170, 248
    for host ports, 41–45
    MConsole. See Management Console (MConsole)
    security for, 223–225
Consolidating servers, 8–10
Contexts
    forcing threads into, 177–179
    process, 186, 231
Cookies, Xauthority, 95
Copy-On-Write files. See COW (Copy-On-Write) files
Copying data into instances, 83–87
Corrupted filesystems, 68
Cost savings, 8
COW (Copy-On-Write) files, 11, 61–66
    backing files for, 62–65
        merging with, 70–71
        moving, 69–70
    for backups, 117
    booting from, 67–68
    in small server setup, 208
    sparseness of, 175
cp command, 69
cpuinfo file, 36, 219
CPUs, multiple, 243–244
Ctrl-Alt-Del handler, 171–172
Ctrl-C, signals from, 203
Ctrl-Z, signals from, 203

D
-d switch
    for screen, 205
    for tunctl, 124, 311
    for ubd, 303
    for uml_moo, 71
Daemon transport, 152, 154
Databases
    in captive UML, 288
    metadata, 113–115
    package, 278–282
date command, 70
dd command
    for copying data into instances, 85–87
    for copying files, 53
    for swap space, 47
debug option, 304
Debugging, 13
    options for, 249, 303–304
    PT_PROXY for, 242
Decision-making for hardware, 273–274
Default Apache install page, 94
Default configuration, 239–240
Default gateways for uml_switch, 163
Default ports for multicast transport, 152
Default routes
    for host setup, 91
    for TUN/TAP, 133
Default values for transports, 148
defconfig configurator, 235, 239
Deleting routes, 77
Denial-of-service attacks, 216
dev with jails, 219
Development uses, 12–13
Devices
    hardware specifications for, 301–303
    memory-mapped I/O for, 82
    queries for, 169–170
    TUN/TAP. See TUN/TAP devices
devpts filesystem, 34
df command, 34
DHCP
    in bridging, 139–140
    for host setup, 89
    for transports, 148
    through TUN/TAP devices, 134–135
dhcp-fwd service, 134–135
dir_metadata file, 112
Disable option for xconfig, 236
Disaster recovery, 13–14
Disk numbers for partitions, 50
Disks
    listing, 35–36
    partitioned, 49–52
    as raw data, 53–54
    saving space on
        COW files for, 62–66
        humfs for, 111
    for swap space. See Swap space
diskstats file, 261
DISPLAY environment variable, 96–97
dmesg command, 22
    for consoles, 40, 42
    for host setup, 90
DocumentRoot, 94
Downloading source, 234–235
Drivers
    block, 23–25
    initializing, 22–23
    loopback, 24–25
DSL connections, 136
dsp option, 301
Duality of UML, 18
Dumping
    memory statistics, 172–173
    registers and stack, 174, 178
Dynamic linking
    configuration option for, 240–241
    with jails, 218

E
e command, 173
-e switch for xterm, 302
e2fsprogs-devel package, 266
EAGAIN value, 36
ebtables, 140–141
Educational uses, 10–12
Efficiency, filesystem, 119
Emacs, 289
Embedded hardware, 13
Emulating devices, 82
Enable option for xconfig, 236
Encapsulation in SLIP, 144
ERR message, 182
Error indicators in MConsole requests, 185
eth option, 302–303
Ethernet
    in bridging, 136, 139
    in host setup, 89
    for instances, 72–73
    IP addresses for, 57–58
    in SLIP transport, 144
Ethernet cards, 134
Ethertap
    configuring, 150
    for frames, 54
    for host network access, 143
    for host setup, 88
Evolution, 286–287
Exchanging packets, 72–73
Exclusive locks, 68
exec command, 181
Execution modes
    options for, 240–243
    in small server setup, 194–196
        patches for, 201–202
        skas0, 200–201
        skas3, 198–200
        tt, 197–198
        Vanderpool and Pacifica, 202–203
ext2 filesystem, 24, 118
ext2online filesystem, 118
ext3 filesystem, 118
Extending filesystems, 117–118
externfs filesystem, 277–282

F
f command in sysrq, 173
-f switch
    for log, 175, 310
    for tunctl, 311
fake_ide option, 303
Faking packets, 122–123
fd directory, 31
fd file descriptor, 43–44
fdisk tool, 50–51
file command, 19, 24
file_metadata file, 109, 112
Filenames for backing files, 69
Filesystems, 101
    backups for, 116–117
    booting, 26
    corrupted, 68
    extending, 117–118
    externfs, 277–282
    host access to, 114–116
    host directory mounting, 101–104
        with hostfs, 104–108
        with humfs, 108–114
    selecting, 119–120
filesystems file, 34–35, 102–103
Filters
    for pcap, 154
    for TUN/TAP, 130
Firewalls
    in host setup, 92–93
    for TUN/TAP, 132
fonts-xorg-75dpi package, 96n
Forcing threads into contexts, 177–179
FORWARD chains, 141
Frames
    in bridging, 136, 139
    host setup for, 88–89
    transmission of, 54
free command, 52
fsck message, 26
fstab file
    for small server setup, 207
    for swap space, 52
    sync options in, 115
Future of UML, 14–15, 275–277
    captive UML, 283
        application administration, 287–289
        application-level clustering, 289–294
        Evolution, 286–287
        secure mod_perl, 283–285
        standard application programming interface, 289
    conclusion, 298–299
    externfs filesystem, 277–282
    virtual processes, 282–283
    virtualized subsystems, 295–298
fvwm window manager, 97

G
gconfig configurator, 238
gcov, 12, 249
GCOV option, 249
gdb
    in debugging, 12, 178
    with ptrace, 242
gdb-pid option, 304
gdmsetup, 96
getpid loops, 226
gettimeofday command, 28, 245
getty
    for consoles, 45–46
    for virtual serial lines, 79–82
gettys, 29
GFS clusters, 273
Giarrusso, Paolo, 7, 200, 231
GID (group ID) root, 109
GIMP, 289
glibc, 192
glibc2-devel package, 266
go command, 310
gprof, 12, 249
GPROF option, 249
Group ID (GID) root, 109
GRUB command, 23
GTK toolkit, 238
Guest scheduler, 295–297

H
halt command
    vs. cad, 171
    for instances, 169
    process context for, 186
    for shutdown, 59
    in uml_mconsole, 309
Hang notifications, 186, 188
Hardware
    configuration options for, 246–247
    decision-making for, 273–274
    developing, 13
    queries for, 169–170
    specifications for, 301–303
Header files, 249
help command, 179–180, 309
--help option, 305
HighFree field, 258
HIGHMEM option, 244
Highmem support, 258
    in skas mode, 200
    in small server setup, 208
    in tt mode, 197–198
HighTotal field, 258
History of UML, 4–8
home, mounting, 214
HOST_2G_2G option, 241
Host directory mounting, 101–104
    with hostfs, 104–108
    with humfs, 108–114
host filesystem, 103
hostfs, 101–102
    advantages of, 119
    append switch, 215–216
    for bind mounts, 215
    for file access, 114–116
    for host directory mounting, 104–108
    for mount restrictions, 214
Hosts
    consoles for, 41–45
    filesystem access by, 114–116
    instance management from. See Instances; Management Console (MConsole)
    intercepting and nullifying calls to, 226
    kernel in, 18
    memory consumption by, 25–26
    in networking, 87–99, 143–145
Hosts (continued)
    proxy arp for, 58
    for serial lines, 79–81
Hot-plug memory, 228–230
Hot-plugging devices, 169–170
httpd file, 94
httpd.conf file, 94, 285
https sessions, random numbers for, 246
-hub switch for uml_switch, 153, 311
Hubs, 72
humfs, 101–102, 104
    advantages of, 119
    for denial-of-service attacks, 216
    for file access, 114–116
    for host directory mounting, 108–114
    in small server setup, 208
humfsify command
    for humfs, 110–111
    reference, 307–308
hwclock program, 28
hwrng file, 247

I
i command in sysrq, 173
ifconfig command, 54–56
    for host setup, 90
    for instances, 73–77
    for interfaces, 124, 253–254
Informational options, 305
Inheritance of capabilities, 213
init process, 171
Initializing drivers, 22–23
initrd option, 302
inittab file
    for Ctrl-Alt-Del handler, 171
    editing, 45–46
    for serial lines, 40, 79–80, 82
INPUT chains, 141
Instance kernel log, 175
Instances
    block devices for, 83–87
    for console server, 224–225
    COW files for. See COW (Copy-On-Write) files
    halting and rebooting, 169, 171
    jailing, 216–223
    managing, 167
        with Management Console. See Management Console (MConsole)
        with signals, 188–189
    networking, 71–79
    running commands within, 180–182
    sending interrupts to, 179
    stopping and restarting, 174–175
int command, 309
Intercepting host system calls, 226
Internal utilities, 312
Internet collaboration, clustering for, 292
Interprocess communication (IPC) mechanisms, 72
Interrupts
    handling, 186
    sending to instances, 179
interrupts file, 35–36
I/O
    AIO facility for, 192–194
    MADV_TRUNCATE for, 228
iomem driver, 247, 302
IP addresses
    in bridging, 137, 139
    for Ethernet, 57–58
    for hosts, 87–90, 93, 96
    for instances, 73, 75–76
    reusing, 56–57
    for transports, 148
    for TUN/TAP, 124–126, 130–134
    for virtual serial lines, 82
IPC (interprocess communication) mechanisms, 72
iptables
    for bridging, 142
    for filtering, 130–132
    for host setup, 92–93
Isolated networks, transports for, 145–146

J
jail switch
    for hostfs, 215
    for uml_moo, 71
Jailed processes, 2–3
Jailing instances, 214–224

K
Kernel
    logs for, 173
    logging to, 175
    for multicast networks, 155
    security for, 212–214
    versions of
        queries for, 168–169
        in small server setup, 192–194
    virtualized subsystems in, 295
KERNEL_HALF_GIGS option, 242–243
Kernel-level programming, 12
Kernel mode, 212
Kernel modules, 212–213
KERNEL_STACK_ORDER option, 244
Kernel tree, 234–235
Keyboards listing, 35–36
Killing tasks, 173
Kroah-Hartman, Greg, 234

L
Large numbers of devices, configuring
    memory, 257–265
    network interfaces, 252–257
Large server management, 211
    final points, 232
    future enhancements
        MADV_TRUNCATE, 227–230
        PTRACE_FAULTINFO, 227
        remap_file_pages, 230–231
        sysemu patch, 226–227
        VCPU, 231
    security for
        configuration for, 212–216
        console, 223–225
        jailing instances, 216–223
        skas3 vs. skas0, 225–226
LDT (Local Descriptor Table) entries, 199
len field in MConsole requests, 185
lib file, 217
libpcap, 145
Libraries with jails, 217–218
LILO command, 23
Linking, dynamic and static
    configuration option for, 240–241
    with jails, 218
Links, symbolic, 113
linux file, 249–250
Local Descriptor Table (LDT) entries, 199
Locks
    in application-level clustering, 291
    for instances, 68
log command, 175, 310
log level setting, 173
Login prompt, 29
Logins
    console for, 224
    as normal users, 39–40
    for running commands, 181
Long-lived instances, 203–205
longjmp command, 179
Loop-mounting images on hosts, 115
Loopback drivers, 24–25
LowFree field, 258
LowTotal field, 258
ls command line, 47
ltrace, 12
Lustre clusters, 273

M
m command in sysrq, 172–173
-m switch for screen, 205
MAC addresses
    in bridging, 136, 139
    for host setup, 90
    for instances, 75
    for transports, 148
    for TUN/TAP, 127, 134–135
MADV_TRUNCATE patch, 227–230
Magic SysRq facility, 116–117
MAGIC_SYSRQ option, 246
Management Console (MConsole)
    for backups, 117
    MConsole protocol, 183–186
    notifications, 186–188
    for partitions, 50
    Perl library, 185
Management Console (MConsole) (continued)
    for queries. See Queries, MConsole
    requests in, 184–186
    uml_mconsole client, 182–183
Management options, 304–305
Mapping
    file operations to host operations, 104–108
    memory, 230–231, 244
    in skas3, 199
Masquerading, 92–93
Master UMLs, 80–81
Maximal Transfer Units (MTUs), 136
mcast command, 89, 151–152
MConsole. See Management Console (MConsole); Queries, MConsole
mconsole driver, 23–24, 304
MCONSOLE option, 246
MConsole protocol, 183–185
mem file
    for kernel access, 213
    for swap space, 48
mem option, 302
meminfo command, 261–262
    for debugging, 176
    for instances, 258
    output from, 30–32
    for scalability limits, 252
    for swap space, 48
Memory
    configuring, 170, 257–265
    consumption of
        host, 25–26
        monitoring. See meminfo command
    Highmem support for, 197–198, 200, 244
    mapping, 230–231, 244
    saving
        COW files for, 62, 64, 68
        MADV_TRUNCATE for, 227–230
    small server setup for, 206–208
    statistics dumping for, 172–173
    swap space for. See Swap space
    usage information, 30–32
Memory-mapped I/O, 82
Memory pages, 198, 230–231
menuconfig configurator, 236–237
Merging COW files with backing files, 70–71
metadata file, 112
Metadata for files, 109–115
mixer option, 301
mkfs for clusters, 270
mm process, 199, 201–202
mmap, 104, 201, 208
MMAPPER option, 247
mnt directory, 105
mod_perl module, 283–285
mode option, 304
MODE_SKAS option, 240
MODE_TT option, 240
Modification time for backing files, 69–70
modprobe command, 57
Modular option for xconfig, 236
Molnar, Ingo, 230–231
Monitoring memory consumption. See meminfo command
Morton, Andrew, 7, 231, 265
mount command, 105
Mounting host directories, 101–104
    with hostfs, 104–108
    with humfs, 108–114
Moving backing files, 69–70
mprotect, 201
MTUs (Maximal Transfer Units), 136
Multicasts, 72–73
    configuring, 151–152
    example networks, 155–160
    with instances, 75–78
    for isolated networks, 145
Multiple clustered applications, 292
Multiple instances, COW files for. See COW (Copy-On-Write) files
Multiple processors, 243–244
Multiple users, hostfs with, 107
munmap, 201

N
n command in sysrq, 174
-n option for uname, 168
Name server responses, faking, 123
Named pipes
    hostfs with, 108
    humfs with, 110
Names
    for devices, 124
    for partitions, 50
    for screen sessions, 205
ncpus option, 302
NEST_LEVEL option, 241
Network Address Translation (NAT), 92
network file, 269
Network sniffers, 146
Networking, 54–59, 121
    configuration options for, 247–248
    examples
        multicast, 155–160
        summary, 166
        uml_switch, 160–166
    filesystem access in, 104
    hosts in, 87–99
    instances, 71–79
    interface configuration for, 170, 252–257
    manual setup for
        bridging, 136–142
        TUN/TAP. See TUN/TAP devices
    small server setup for, 206
    transports, 142–143
        configuring, 147–154
        for host network access, 143–145
        for isolated networks, 145–146
        selecting, 146–147
New connection message, 162
NFS clusters, 273
nfs directory, 103
Nodes, cluster, 268–272
nodev entries, 102
-nolisten tcp, 96
Nonbroadcast frames in bridging, 139
Nondevice filesystems, 102
none device, 43
Nonexclusive read-only locks, 68
nooptimize flag for pcap, 154
noprocmm option, 304
noptracefaultinfo option, 304
Normal user logins, 39–40
nosysemu option, 304
Notifications
    for jails, 222–223
    MConsole, 186–188
NR_CPUS option, 243–244
NULL_CHAN option, 248
null device, 43
Nullifying host system calls, 226

O
O_APPEND option, 215
O_DIRECT I/O
    caches in, 119
    in host kernel, 192–194
    in small server setup, 208
-o option for hostfs, 105–106
o2cb file, 267
ocfs2 clusters, 290–291, 293–294
ocfs2 script, 265–267
ocfs2console, 266
od utility, 86
OK message, 182
oldconfig configurator, 235, 238
Omitted transport parameters, 148
open calls, 113
Openswan project, 10
optimize flag for pcap, 154
Oracle, 265
Out-of-memory condition, 173
OUTPUT chains, 141
Outside network access, 132–133
Overwriting files, preventing, 215
Ownership of files, 106–110, 112

P
p command in sysrq, 174
-p switch for cp and tar, 69
Pacifica execution mode, 202–203
Packages, databases for, 278–282
Packets
    exchanging, 72–73
    faking, 122–123
    forwarding, 127
    with instances, 74, 77–78
    transmission of, 55
Page-by-page memory mapping, 230–231
Page faults, 199–200
Panic notifications, 186, 188
Parameters for transports, 148
Partitioned disks, 49–52
passwd file, 101
password prompt for running commands, 181
Passwords in captive UML, 288
Patches, 234
    for execution modes, 201–202
    for performance, 226–227
pcap transport
    configuring, 154
    for isolated networks, 145–146
Performance
    bottlenecks in, 203, 208
    COW files for, 64
    memory for, 259–265
    PTRACE_FAULTINFO patch for, 227
    remap_file_pages for, 230–231
    in skas3 Mode, 198
    in SLIP transport, 144
    in small server setup, 208
    sysemu patch for, 226–227
Perl library, 185
Permissions
    in application-level clustering, 291
    for capabilities, 213
    for files, 106–110, 112
    for host setup, 95
    for security, 123
physdev module, 142
Physical memory, small server setup for, 206–208
pid file with jails, 222–223
PIDs (process IDs) for signals, 189
ping command, 58
    for bridging, 141
    for host setup, 90–91, 93–94
    for instances, 76–78
    for multicast networks, 158–160
    for network interfaces, 254, 256–257
    for TUN/TAP, 125–129, 133
    for uml_switch, 162–166
Pipes
    with hostfs, 108
    with humfs, 110
    with uml_switch, 153
Pluggable block devices, 87
Point-to-Point Protocol (PPP)
    for frames, 54
    for host setup, 88
PORT_CHAN option, 248
port device, 43
port-helper utility, 312
Ports
    consoles for, 41–45
    for multicast transport, 152
    with Slirp, 144
    for uml_switch, 162
PPP (Point-to-Point Protocol)
    for frames, 54
    for host setup, 88
ppp0 device, 92
PPPoE connections, 136
print statement, 13
Privileged contexts, 231
Privileges
    with jails, 220
    in virtual machines, 9
proc command, 176
    for files, 310
    process context for, 186
proc directory
    for cpu, 36–37, 219
    for diskstats, 261–264
    examining, 176
    for filesystems, 34–35, 102–103
    for guest scheduler, 295
    for interrupts, 35–36
    for mconsole, 187–188
    for memory. See meminfo command
    for mm, 199, 201
    for sysrq, 172
Process contexts, requests in, 186
Process IDs (PIDs) for signals, 189
process_kern.c file, 178
Processes, 18
    contexts for, 231
    in execution modes. See Execution modes
    jailed, 2–3
    listing, 29–30
    permissions for, 213
    virtual, 282–283
Processors, multiple, 243–244
procfs filesystem, 34
promisc flag for pcap, 154
Proxies for performance, 259
Proxy arp
    for host routing, 58
    for TUN/TAP, 128
ps command, 29–30
Pseudo-terminals, 79–81
PT_PROXY option, 242
ptrace
    gdb with, 242
    for intercepting system calls, 231
    in skas3 mode, 202
    in sysemu, 226
    in tt mode, 199
PTRACE_FAULTINFO patch, 200–202, 227
PTRACE_LDT option, 202
PTRACE_SWITCH_MM option, 199
pts device
    for consoles and serial lines, 42–44, 79–81
    with jails, 218–219
PTY_CHAN option, 248
pty device, 43
Pulavarty, Badari, 227

Q
Queries, MConsole, 168
    for Ctrl-Alt-Del handler, 171–172
    for forcing threads into contexts, 177–179
    for halting and rebooting instances, 169, 171
    for hardware configuration, 169–170
    for help, 179–180
    for logging to instance kernel log, 175
    for proc, 176
    for running commands, 180–182
    for sending interrupts, 179
    for stopping and restarting instances, 174–175
    for SysRq handler, 172–174
    for version, 168–169
quit command, 309
Quotas on hosts, 118

R
-r switch
    for screen, 204–205
    for ubd, 303
    for uname, 168
randconfig configurator, 238
random file, 247
Random numbers, 246–247
Raw data, disks As, 53–54
Read-only files, 64
Read-only locks, 68
Read-write locks, 68
Reading files, 113
readlinedevel package, 266
Readlinks, 113
Real-time clock, 245–246
Real-time tasks, 174
reboot command
    vs. cad, 171
    for instances, 169
    process context for, 186
    in uml_mconsole, 310
Rebooting instances, 169, 171
Registers, dumping, 174
remap_file_pages call, 230–231
Remote logins, 94
remove command
    for devices, 169
    process context for, 186
    in uml_mconsole, 310
Requests
    MConsole, 184–186
    web site, 284–285
Resizing filesystems, 118
resolv.conf file
    for host setup, 91–92
    for TUN/TAP, 132–133
respawn command, 82
Restarting instances, 174–175
Restoring timestamps, 70
root option, 302
Root privileges
    and capabilities, 213
    with jails, 220
    in virtual machines, 9
/rootfs switch for uml_moo, 71
route command and routing, 57
    for bridging, 138
    for host setup, 91
    for instances, 76–77
    for multicast networks, 158
    for network interfaces, 255
    for TUN/TAP. See TUN/TAP devices
    for uml_switch, 165
Running commands within instances, 180–182
S
s command in sysrq, 174
-s switch
    for screen, 204
    for ubd, 303
    for uname, 168
Scaling in application-level clustering, 294
Schedulers, guest, 295–297
schedulers file, 295–297
screen tool, 204–205
Searching file contents, 114
Secure mod_perl, 283–285
Security
    in application-level clustering, 293
    in bridging, 140
    in captive UML, 288–289
    for host setup, 93
    for large servers, 211
        configuration for, 212–216
        console, 223–225
        jailing instances, 216–223
        skas3 vs. skas0, 225–226
    for TUN/TAP devices, 129–132
Seekable host files, 53
Sending interrupts to instances, 179
Separate kernel address space mode. See skas (separate kernel address space) mode
Serial Line IP (SLIP)
    configuring, 150
    for frames, 54
    for host network access, 144
    for host setup, 88
Serial lines
    setting up, 40–47
    virtual, 79–82
Server consolidation, 8–10
servers. See Large server management; Small server setup
setuid files, 113–114
shadow_fs metadata format, 111–113
shadowfs file, 112
Shared memory for device emulation, 82
--showconfig option, 305
Shutting down, 59–60
SIGBUS signal, 207
SIGHUP signal, 189
SIGINT signal, 179, 189, 203
SIGIO signal, 36
SIGKILL signal, 173
Signals for instance management, 188–189
SIGSEGV signal, 195, 200–201
SIGTERM signal, 173, 189
SIGTSTP signal, 203
SIGWINCH signal, 36
Simulating hardware, 273–274
Single-System Image (SSI) cluster, 292–293
Size
    of backing files, 69
    in copying data into instances, 86
    of COW files, 65–66
    of filesystems, 118
skas (separate kernel address space) mode, 194–196
    enabling, 240
    skas0, 195–196
        with jails, 218
        vs. skas3, 225–226
        working with, 200–201
    skas3, 195–196
        with jails, 218
        vs. skas0, 225–226
        working with, 198–200
    for threads, 179
Slave UMLs, 80–81
SLIP (Serial Line IP)
    configuring, 150
    for frames, 54
    for host network access, 144
    for host setup, 88
Slirp networking emulator
    configuring, 150–151
    for host network access, 144–145
Small server setup, 191–192
    execution modes in, 194–196
        patches for, 201–202
        skas0, 200–201
        skas3, 198–200
        tt, 197–198
        Vanderpool and Pacifica, 202–203
    kernel version in, 192–194
    long-lived instances in, 203–205
    for memory, 206–208
    for networking, 206
    recommendations for, 209–210
    umid directories in, 209
SMP (Symmetric Multi-Processing), 197
SMP option, 243–244
Sniffers, 146
Sockets
    with hostfs, 107–108
    with humfs, 110
    in MConsole, 185
    notifications with, 188
    with uml_switch, 152–153
Solaris zones, 3
Source, downloading, 234–235
--sparse switch, 175
Specialized configurations, 251
    clusters, 265–273
    large numbers of devices
        memory, 257–265
        network interfaces, 251–257
Spoofing in bridging, 142
ssh command, 94–95
ssh keys, 181
ssh sessions, random numbers for, 246
SSI (Single-System Image) cluster, 292–293
SSL option, 248
SSL_CHAN option, 248
Stack, dumping, 174, 178
stack command, 177–179, 310
Standard application programming interface in captive UML, 289
STATIC_LINK option, 240–241
Static linking
    configuration option for, 240–241
    with jails, 218
stop command, 310
Stopping
    instances, 174–175
    virtual machines, 117
strace tool, 226
su with jails, 220
Subnets for instances, 76
Subsystems, virtualized, 295–298
superblock files, 111–112, 118
Swap space
    adding, 47–49
    with compartments, 297
    for instances, 26
    for jails, 223
    MADV_TRUNCATE for, 228
    partitions for, 52
    performance of, 259–265
swapoff command, 223
swapon command, 52, 223
switch command, 309
switch-tap option, 153
Switches
    for packets, 72
    virtual, 136
Symbolic links, 113
Symmetric Multi-Processing (SMP), 197
Synchronization
    clock, 28
    in sysrq, 174
Synchronous files, 115–117
sysemu patch, 226–227
sysrq command and SysRq handler
    for backups, 116–117
    invoking, 172–174
    MAGIC_SYSRQ for, 246
    in uml_mconsole, 310
sysrq file, 172
System call tracing, 212
System-level programming, 12
System memory savings, COW files for, 64

T
t command in sysrq, 174
-t switch
    for iptables, 92
    for tunctl, 124, 311
    for xterm, 302
-tap switch for uml_switch, 311
Tape drives for copying data into instances, 84–85
tar files
    for copying data into instances, 84–85
    copying into UML, 53
    length of, 87
    for moving backing files, 69
    for source, 235
Tasks
    killing, 173
    real-time, 174
tcpdump
    for multicast networks, 158–159
    with pcap, 145
    for TUN/TAP, 125–127, 131–132
    for uml_switch, 164–165
telnet, 43, 45–47
telnetd, 46
Terminal emulators, 302
Testing
    COW files for, 64
    testbeds for, 9–10
    TUN/TAP devices, 135–136
Threads
    in execution modes. See Execution modes
    forcing into contexts, 177–179
3_LEVEL_PGTABLES option, 245
Time to live (TTL) setting, 151–152
Timers
    listing, 35–36
    real-time clock for, 245–246
Timestamps, 69–70
Timing bugs, 13
tmp directory
    for bind mounts, 214–215
    copying files to, 67, 82
    for databases, 281
    for filesystems, 34, 103
    for jails, 219, 221
    for memory, 31–32, 206–207
    for processes, 106
tmpfs filesystem, 32, 34, 102, 207
Torvalds, Linus, 7
touch command, 70
Tracing thread (tt) mode, 194–196
    enabling, 240
    for threads, 178
    working in, 197–198
Traffic analysis tools, 146
Translation of filesystem requests, 104
Transports
    configuration options for, 247–248
    networking, 142–143
        configuring, 147–154
        for host network access, 143–145
        for isolated networks, 145–146
        selecting, 146–147
tt (tracing thread) mode, 194–196
    enabling, 240
    for threads, 178
    working in, 197–198
TTL (time to live) setting, 151–152
TTY_CHAN option, 248
tty_log_dir option, 305
tty_log_fd option, 305
tun file, 55, 57, 123
TUN/TAP devices, 35, 57
    bridging with, 136–142
    for frames, 54
    for host network access, 143
    in host setup, 88–90
    with routing, 121–122
        configuring, 122–124, 149
        connectivity in, 125–129
        DHCP for, 134–135
        for outside network access, 132–133
        security for, 129–132
        testing, 135–136
tunctl utility
    reference, 310–311
    working with, 122–124
tuntap command, 149

U
u command in sysrq, 174
-u switch for tunctl, 124, 311
ubd devices, 34
    advantages of, 119
    for filesystem access, 114–115
    image backup for, 117
    partitioning, 50
ubd option, 303
ubd0 file, 26
ubda switch for COW files, 62
ubdb file, 26
    for copying data into instances, 84–85
    for swap space, 48
udb option, 303
UID root, 109
UIDs (user IDs)
    in filesystem extensions, 118
    in ownership, 106–107
umid (unique machine ID), 42
umid directory
    with jails, 219
    process IDs in, 189
    in small server setup, 209
umid option, 304
uml.ctl socket, 152
uml_dir option, 305
uml_mconsole command, 182–183. See also Management Console (MConsole)
    for bridging, 138
    for copying data into instances, 84
    for devices, 43
    for host ports, 41–45
    for hosts, 87, 89
    for network devices, 56
    reference, 308–310
    for TUN/TAP device connectivity, 125
    for virtual serial lines, 80
uml_moo tool
    for merging COW files, 71
    reference, 308
UML_NET options, 247–248
uml_net utility, 125, 129–130, 312
UML_RANDOM option, 246–247
UML_REAL_TIME_CLOCK option, 245–246
uml_switch process, 148
    configuring, 152–154
    example, 160–166
    for isolated networks, 145
    reference, 311
UML_WATCHDOG option, 247, 312
uname command, 168
Unique machine ID (umid), 42
Unique machine id (umid) directory
    with jails, 219
    process IDs in, 189
    in small server setup, 209
UNIX sockets
    with hostfs, 107–108
    with humfs, 110
    in MConsole, 185
    with uml_switch, 152–153
-unix switch for uml_switch, 311
Unplugging devices, 169–170
Unprivileged contexts, 231
untar command, 53, 85
User IDs (UIDs)
    in filesystem extensions, 118
    in ownership, 106–107
User mode vs. kernel mode, 212
User notifications, 188
Utilities reference
    humfsify, 307–308
    internal, 312
    tunctl, 310–311
    uml_mconsole, 308–310
    uml_moo, 308
    uml_switch, 311

V
-v option for uname, 168
valgrind, 244
Vanderpool execution mode, 202–203
VCPU, 231
version command, 168–169, 309
--version option, 305
Version queries, 168–169
Virtual filesystems, 101–104
Virtual hardware configuration options, 246–247
Virtual machines, purpose of, 3–4
Virtual memory, 230–231
Virtual operating systems, 2
Virtual Private Networks (VPNs), 89
Virtual processes, 282–283
Virtual processors, 243–244
Virtual serial lines, 79–82
Virtual switches, 136
Virtualized subsystems, 295–298
vmalloc space, 258
vmlinux file, 249–250
vmlinuz file, 249
VMWare technology, 2–3
VPNs (Virtual Private Networks), 89
vserver project, 2
vtund, 89

W
WATCHDOG option, 247
Web site requests, 284–285
wget
    for connectivity, 74
    for host setup, 94
winch interrupt, 36
Wright, Chris, 234
Write-protecting hostfs directories, 216
X
X11 utilities, 96
Xauthority application, 95
.Xauthority file, 95
xconfig configurator, 235–237
xdpyinfo, 96
Xen technology, 2–3
xhost application, 95, 98
xload, 96
Xnest, 96–99
xorg-x11-tools package, 96n
xterm option, 43–44, 96, 302
XTERM_CHAN option, 248
xterm windows, 29

Z
Zones, Solaris, 3