Dike.book Page 313 Monday, March 6, 2006 6:50...


INDEX

A
-a option
    for cp, 69
    for ifconfig, 56, 124
    for uname, 168
Access control lists (ACLs), 95
Address Resolution Protocol (ARP)
    for Ethernet, 11, 58
    for host setup, 89
Address space manipulation, 199
Addresses. See IP addresses; MAC addresses
Administration in captive UML, 287–289
Administrators, console access by, 224–225
aio_abi.h file, 249
AIO facility, 192–193
aio option, 304
allmodconfig configurator, 239
allnoconfig configurator, 239
Always disallow TCP connections to X server option, 96
anon driver, 227–228
Apache servers, 94
append switch for hostfs, 215–216
Application administration in captive UML, 287–289
Application-level clustering, 289–294
Application programming interface in captive UML, 289
ARCH, 239
ARP (Address Resolution Protocol)
    for Ethernet, 11, 58
    for host setup, 89
arp command
    for network interfaces, 255–257
    for TUN/TAP, 127–128, 131
Attacks
    humfs for, 216
    packet faking, 122–123
    with TUN/TAP, 130
Audio pass-through driver, 301
Authentication
    in captive UML, 288
    in MConsole requests, 185
Authorization
    in captive UML, 288
    in host setup, 95
    in MConsole requests, 185

B
b command in sysrq, 173
-b switch
    for tunctl, 124, 311
    for uml_moo, 71, 308
Backing files
    COW, 62–65
    merging with, 70–71
    moving, 69–70
Backups
    COW files for, 64
    for filesystems, 116–117
bash command, 57
Bind mounts, 214–215
Block devices
    configuring, 170, 303
    pluggable, 87
    using and abusing, 83–87
Block drivers, 23–25
Booting
    clusters, 268–272
    from COW files, 67–68
    first time, 20–24
    successful, 24–28
Bottlenecks, 203, 208
brctl utility, 137–138
Breakpoints, 178
bridge-utilities package, 137
Bridging
    security in, 140
    setting up, 136–139
Broadcast domains for host setup, 89
BSD jail, 2
Buffered I/O, 194
Bug fixes, 234
Bug-tracking system, 287
Builds, 249–250
BusyBox project, 10
bzip files, 87

C
-c switch for ubd, 303
Cached data, 115
cad command, 310
CAP_SYS_RAW, 213
Capabilities, permissions for, 213
Captive UML, 283
    application administration, 287–289
    application-level clustering, 289–294
    Evolution, 286–287
    secure mod_perl, 283–285
    standard application programming interface, 289
Carvalho de Melo, Arnaldo, 7
chroot technology, 2, 71, 216–217, 220–221
CKRM (class-based linux Kernel Resource Management), 297
Clock
    real-time, 245–246
    synchronizing, 28
close calls, 113
cluster.conf file, 267–269
Clusters, 265–268
    application-level, 289–294
    available, 273
    booting, 268–272
    exercises, 272–273
CMDLINE_ON_HOST option, 241–242
Code pages, 201
Collaboration, clustering for, 292–293
Command-line options, 301
    debugging, 303–304
    device and hardware specifications, 301–303
    informational, 305
    management, 304–305
Commands, running within instances, 180–182
Compartmentalization, 297–298
Compiling, 233–234
    builds, 249–250
    configuration interfaces, 235–240
    configuration options
        console, 248
        debugging, 249
        execution mode-specific, 240–243
        generic, 243–246
        networking, 247–248
        virtual hardware, 246–247
    source downloading for, 234–235
CON_CHAN option, 248
CON_ZERO_CHAN option, 248
config command
    for devices, 169
    process context for, 186
    in uml_mconsole, 310
config configurator, 237–238
CONFIG_EXTERNFS option, 213–214
CONFIG_HOSTFS option, 213–214
CONFIG_IP_MROUTE option, 152
CONFIG_IP_MULTICAST option, 152
CONFIG_MAGIC_SYSRQ option, 172
CONFIG_MODE_SKAS option, 199
CONFIG_MODE_TT option, 199–200, 218
CONFIG_STATIC_LINK option, 218
configfs filesystem, 266
"connection refused" message, 96
Connectivity with TUN/TAP devices, 125–129
Consistency problem, 115
Consoles, 40–47
    configuring, 170, 248
    for host ports, 41–45
    MConsole. See Management Console (MConsole)
    security for, 223–225
Consolidating servers, 8–10
Contexts
    forcing threads into, 177–179
    process, 186, 231
Cookies, Xauthority, 95
Copy-On-Write files. See COW (Copy-On-Write) files
Copying data into instances, 83–87
Corrupted filesystems, 68
Cost savings, 8
COW (Copy-On-Write) files, 11, 61–66
    backing files for, 62–65
        merging with, 70–71
        moving, 69–70
    for backups, 117
    booting from, 67–68
    in small server setup, 208
    sparseness of, 175
cp command, 69
cpuinfo file, 36, 219
CPUs, multiple, 243–244
Ctrl-Alt-Del handler, 171–172
Ctrl-C, signals from, 203
Ctrl-Z, signals from, 203

D
-d switch
    for screen, 205
    for tunctl, 124, 311
    for ubd, 303
    for uml_moo, 71
Daemon transport, 152, 154
Databases
    in captive UML, 288
    metadata, 113–115
    package, 278–282
date command, 70
dd command
    for copying data into instances, 85–87
    for copying files, 53
    for swap space, 47
debug option, 304
Debugging, 13
    options for, 249, 303–304
    PT_PROXY for, 242
Decision-making for hardware, 273–274
Default Apache install page, 94
Default configuration, 239–240
Default gateways for uml_switch, 163
Default ports for multicast transport, 152
Default routes
    for host setup, 91
    for TUN/TAP, 133
Default values for transports, 148
defconfig configurator, 235, 239
Deleting routes, 77
Denial-of-service attacks, 216
dev with jails, 219
Development uses, 12–13
Devices
    hardware specifications for, 301–303
    memory-mapped I/O for, 82
    queries for, 169–170
    TUN/TAP. See TUN/TAP devices
devpts filesystem, 34
df command, 34
DHCP
    in bridging, 139–140
    for host setup, 89
    for transports, 148
    through TUN/TAP devices, 134–135
dhcp-fwd service, 134–135
dir_metadata file, 112
Disable option for xconfig, 236
Disaster recovery, 13–14
Disk numbers for partitions, 50
Disks
    listing, 35–36
    partitioned, 49–52
    as raw data, 53–54
    saving space on
        COW files for, 62–66
        humfs for, 111
    for swap space. See Swap space
diskstats file, 261
DISPLAY environment variable, 96–97
dmesg command, 22
    for consoles, 40, 42
    for host setup, 90
DocumentRoot, 94
Downloading source, 234–235
Drivers
    block, 23–25
    initializing, 22–23
    loopback, 24–25
DSL connections, 136
dsp option, 301
Duality of UML, 18
Dumping
    memory statistics, 172–173
    registers and stack, 174, 178
Dynamic linking
    configuration option for, 240–241
    with jails, 218

E
e command, 173
-e switch for xterm, 302
e2fsprogs-devel package, 266
EAGAIN value, 36
ebtables, 140–141
Educational uses, 10–12
Efficiency, filesystem, 119
Emacs, 289
Embedded hardware, 13
Emulating devices, 82
Enable option for xconfig, 236
Encapsulation in SLIP, 144
ERR message, 182
Error indicators in MConsole requests, 185
eth option, 302–303
Ethernet
    in bridging, 136, 139
    in host setup, 89
    for instances, 72–73
    IP addresses for, 57–58
    in SLIP transport, 144
Ethernet cards, 134
Ethertap
    configuring, 150
    for frames, 54
    for host network access, 143
    for host setup, 88
Evolution, 286–287
Exchanging packets, 72–73
Exclusive locks, 68
exec command, 181
Execution modes
    options for, 240–243
    in small server setup, 194–196
        patches for, 201–202
        skas0, 200–201
        skas3, 198–200
        tt, 197–198
        Vanderpool and Pacifica, 202–203
ext2 filesystem, 24, 118
ext2online filesystem, 118
ext3 filesystem, 118
Extending filesystems, 117–118
externfs filesystem, 277–282

F
f command in sysrq, 173
-f switch
    for log, 175, 310
    for tunctl, 311
fake_ide option, 303
Faking packets, 122–123
fd directory, 31
fd file descriptor, 43–44
fdisk tool, 50–51
file command, 19, 24
file_metadata file, 109, 112
Filenames for backing files, 69
Filesystems, 101
    backups for, 116–117
    booting, 26
    corrupted, 68
    extending, 117–118
    externfs, 277–282
    host access to, 114–116
    host directory mounting, 101–104
        with hostfs, 104–108
        with humfs, 108–114
    selecting, 119–120
filesystems file, 34–35, 102–103
Filters
    for pcap, 154
    for TUN/TAP, 130
Firewalls
    in host setup, 92–93
    for TUN/TAP, 132
fonts-xorg-75dpi package, 96n
Forcing threads into contexts, 177–179
FORWARD chains, 141
Frames
    in bridging, 136, 139
    host setup for, 88–89
    transmission of, 54
free command, 52
fsck message, 26
fstab file
    for small server setup, 207
    for swap space, 52
    sync options in, 115
Future of UML, 14–15, 275–277
    captive UML, 283
        application administration, 287–289
        application-level clustering, 289–294
        Evolution, 286–287
        secure mod_perl, 283–285
        standard application programming interface, 289
    conclusion, 298–299
    externfs filesystem, 277–282
    virtual processes, 282–283
    virtualized subsystems, 295–298
fvwm window manager, 97

G
gconfig configurator, 238
gcov, 12, 249
GCOV option, 249
gdb
    in debugging, 12, 178
    with ptrace, 242
gdb-pid option, 304
gdmsetup, 96
getpid loops, 226
gettimeofday command, 28, 245
getty
    for consoles, 45–46
    for virtual serial lines, 79–82
gettys, 29
GFS clusters, 273
Giarrusso, Paolo, 7, 200, 231
GID (group ID) root, 109
GIMP, 289
glibc, 192
glibc2-devel package, 266
go command, 310
gprof, 12, 249
GPROF option, 249
Group ID (GID) root, 109
GRUB command, 23
GTK toolkit, 238
Guest scheduler, 295–297

H
halt command
    vs. cad, 171
    for instances, 169
    process context for, 186
    for shutdown, 59
    in uml_mconsole, 309
Hang notifications, 186, 188
Hardware
    configuration options for, 246–247
    decision-making for, 273–274
    developing, 13
    queries for, 169–170
    specifications for, 301–303
Header files, 249
help command, 179–180, 309
--help option, 305
HighFree field, 258
HIGHMEM option, 244
Highmem support, 258
    in skas mode, 200
    in small server setup, 208
    in tt mode, 197–198
HighTotal field, 258
History of UML, 4–8
home, mounting, 214
HOST_2G_2G option, 241
Host directory mounting, 101–104
    with hostfs, 104–108
    with humfs, 108–114
host filesystem, 103
hostfs, 101–102
    advantages of, 119
    append switch, 215–216
    for bind mounts, 215
    for file access, 114–116
    for host directory mounting, 104–108
    for mount restrictions, 214
Hosts
    consoles for, 41–45
    filesystem access by, 114–116
    instance management from. See Instances; Management Console (MConsole)
    intercepting and nullifying calls to, 226
    kernel in, 18
    memory consumption by, 25–26
    in networking, 87–99, 143–145
    proxy arp for, 58
    for serial lines, 79–81
Hot-plug memory, 228–230
Hot-plugging devices, 169–170
httpd file, 94
httpd.conf file, 94, 285
https sessions, random numbers for, 246
-hub switch for uml_switch, 153, 311
Hubs, 72
humfs, 101–102, 104
    advantages of, 119
    for denial-of-service attacks, 216
    for file access, 114–116
    for host directory mounting, 108–114
    in small server setup, 208
humfsify command
    for humfs, 110–111
    reference, 307–308
hwclock program, 28
hwrng file, 247

I
i command in sysrq, 173
ifconfig command, 54–56
    for host setup, 90
    for instances, 73–77
    for interfaces, 124, 253–254
Informational options, 305
Inheritance of capabilities, 213
init process, 171
Initializing drivers, 22–23
initrd option, 302
inittab file
    for Ctrl-Alt-Del handler, 171
    editing, 45–46
    for serial lines, 40, 79–80, 82
INPUT chains, 141
Instance kernel log, 175
Instances
    block devices for, 83–87
    for console server, 224–225
    COW files for. See COW (Copy-On-Write) files
    halting and rebooting, 169, 171
    jailing, 216–223
    managing, 167
        with Management Console. See Management Console (MConsole)
        with signals, 188–189
    networking, 71–79
    running commands within, 180–182
    sending interrupts to, 179
    stopping and restarting, 174–175
int command, 309
Intercepting host system calls, 226
Internal utilities, 312
Internet collaboration, clustering for, 292
Interprocess communication (IPC) mechanisms, 72
Interrupts
    handling, 186
    sending to instances, 179
interrupts file, 35–36
I/O
    AIO facility for, 192–194
    MADV_TRUNCATE for, 228
iomem driver, 247, 302
IP addresses
    in bridging, 137, 139
    for Ethernet, 57–58
    for hosts, 87–90, 93, 96
    for instances, 73, 75–76
    reusing, 56–57
    for transports, 148
    for TUN/TAP, 124–126, 130–134
    for virtual serial lines, 82
IPC (interprocess communication) mechanisms, 72
iptables
    for bridging, 142
    for filtering, 130–132
    for host setup, 92–93
Isolated networks, transports for, 145–146

J
jail switch
    for hostfs, 215
    for uml_moo, 71
Jailed processes, 2–3
Jailing instances, 214–224

K
Kernel
    logs for, 173
    logging to, 175
    for multicast networks, 155
    security for, 212–214
    versions of
        queries for, 168–169
        in small server setup, 192–194
    virtualized subsystems in, 295
KERNEL_HALF_GIGS option, 242–243
Kernel-level programming, 12
Kernel mode, 212
Kernel modules, 212–213
KERNEL_STACK_ORDER option, 244
Kernel tree, 234–235
Keyboards listing, 35–36
Killing tasks, 173
Kroah-Hartman, Greg, 234

L
Large numbers of devices, configuring
    memory, 257–265
    network interfaces, 252–257
Large server management, 211
    final points, 232
    future enhancements
        MADV_TRUNCATE, 227–230
        PTRACE_FAULTINFO, 227
        remap_file_pages, 230–231
        sysemu patch, 226–227
        VCPU, 231
    security for
        configuration for, 212–216
        console, 223–225
        jailing instances, 216–223
        skas3 vs. skas0, 225–226
LDT (Local Descriptor Table) entries, 199
len field in MConsole requests, 185
lib file, 217
libpcap, 145
Libraries with jails, 217–218
LILO command, 23
Linking, dynamic and static
    configuration option for, 240–241
    with jails, 218
Links, symbolic, 113
linux file, 249–250
Local Descriptor Table (LDT) entries, 199
Locks
    in application-level clustering, 291
    for instances, 68
log command, 175, 310
log level setting, 173
Login prompt, 29
Logins
    console for, 224
    as normal users, 39–40
    for running commands, 181
Long-lived instances, 203–205
longjmp command, 179
Loop-mounting images on hosts, 115
Loopback drivers, 24–25
LowFree field, 258
LowTotal field, 258
ls command line, 47
ltrace, 12
Lustre clusters, 273

M
m command in sysrq, 172–173
-m switch for screen, 205
MAC addresses
    in bridging, 136, 139
    for host setup, 90
    for instances, 75
    for transports, 148
    for TUN/TAP, 127, 134–135
MADV_TRUNCATE patch, 227–230
Magic SysRq facility, 116–117
MAGIC_SYSRQ option, 246
Management Console (MConsole)
    for backups, 117
    MConsole protocol, 183–186
    notifications, 186–188
    for partitions, 50
    Perl library, 185
    for queries. See Queries, MConsole
    requests in, 184–186
    uml_mconsole client, 182–183
Management options, 304–305
Mapping
    file operations to host operations, 104–108
    memory, 230–231, 244
    in skas3, 199
Masquerading, 92–93
Master UMLs, 80–81
Maximal Transfer Units (MTUs), 136
mcast command, 89, 151–152
MConsole. See Management Console (MConsole); Queries, MConsole
mconsole driver, 23–24, 304
MCONSOLE option, 246
MConsole protocol, 183–185
mem file
    for kernel access, 213
    for swap space, 48
mem option, 302
meminfo command, 261–262
    for debugging, 176
    for instances, 258
    output from, 30–32
    for scalability limits, 252
    for swap space, 48
Memory
    configuring, 170, 257–265
    consumption of
        host, 25–26
        monitoring. See meminfo command
    Highmem support for, 197–198, 200, 244
    mapping, 230–231, 244
    saving
        COW files for, 62, 64, 68
        MADV_TRUNCATE for, 227–230
    small server setup for, 206–208
    statistics dumping for, 172–173
    swap space for. See Swap space
    usage information, 30–32
Memory-mapped I/O, 82
Memory pages, 198, 230–231
menuconfig configurator, 236–237
Merging COW files with backing files, 70–71
metadata file, 112
Metadata for files, 109–115
mixer option, 301
mkfs for clusters, 270
mm process, 199, 201–202
mmap, 104, 201, 208
MMAPPER option, 247
mnt directory, 105
mod_perl module, 283–285
mode option, 304
MODE_SKAS option, 240
MODE_TT option, 240
Modification time for backing files, 69–70
modprobe command, 57
Modular option for xconfig, 236
Molnar, Ingo, 230–231
Monitoring memory consumption. See meminfo command
Morton, Andrew, 7, 231, 265
mount command, 105
Mounting host directories, 101–104
    with hostfs, 104–108
    with humfs, 108–114
Moving backing files, 69–70
mprotect, 201
MTUs (Maximal Transfer Units), 136
Multicasts, 72–73
    configuring, 151–152
    example networks, 155–160
    with instances, 75–78
    for isolated networks, 145
Multiple clustered applications, 292
Multiple instances, COW files for. See COW (Copy-On-Write) files
Multiple processors, 243–244
Multiple users, hostfs with, 107
munmap, 201

N
n command in sysrq, 174
-n option for uname, 168
Name server responses, faking, 123
Named pipes
    hostfs with, 108
    humfs with, 110
Names
    for devices, 124
    for partitions, 50
    for screen sessions, 205
ncpus option, 302
NEST_LEVEL option, 241
Network Address Translation (NAT), 92
network file, 269
Network sniffers, 146
Networking, 54–59, 121
    configuration options for, 247–248
    examples
        multicast, 155–160
        summary, 166
        uml_switch, 160–166
    filesystem access in, 104
    hosts in, 87–99
    instances, 71–79
    interface configuration for, 170, 252–257
    manual setup for
        bridging, 136–142
        TUN/TAP. See TUN/TAP devices
    small server setup for, 206
    transports, 142–143
        configuring, 147–154
        for host network access, 143–145
        for isolated networks, 145–146
        selecting, 146–147
New connection message, 162
NFS clusters, 273
nfs directory, 103
Nodes, cluster, 268–272
nodev entries, 102
-nolisten tcp, 96
Nonbroadcast frames in bridging, 139
Nondevice filesystems, 102
none device, 43
Nonexclusive read-only locks, 68
nooptimize flag for pcap, 154
noprocmm option, 304
noptracefaultinfo option, 304
Normal user logins, 39–40
nosysemu option, 304
Notifications
    for jails, 222–223
    MConsole, 186–188
NR_CPUS option, 243–244
NULL_CHAN option, 248
null device, 43
Nullifying host system calls, 226

O
O_APPEND option, 215
O_DIRECT I/O
    caches in, 119
    in host kernel, 192–194
    in small server setup, 208
-o option for hostfs, 105–106
o2cb file, 267
ocfs2 clusters, 290–291, 293–294
ocfs2 script, 265–267
ocfs2console, 266
od utility, 86
OK message, 182
oldconfig configurator, 235, 238
Omitted transport parameters, 148
open calls, 113
Openswan project, 10
optimize flag for pcap, 154
Oracle, 265
Out-of-memory condition, 173
OUTPUT chains, 141
Outside network access, 132–133
Overwriting files, preventing, 215
Ownership of files, 106–110, 112

P
p command in sysrq, 174
-p switch for cp and tar, 69
Pacifica execution mode, 202–203
Packages, databases for, 278–282
Packets
    exchanging, 72–73
    faking, 122–123
    forwarding, 127
    with instances, 74, 77–78
    transmission of, 55
Page-by-page memory mapping, 230–231
Page faults, 199–200
Panic notifications, 186, 188
Parameters for transports, 148
Partitioned disks, 49–52
passwd file, 101
password prompt for running commands, 181
Passwords in captive UML, 288
Patches, 234
    for execution modes, 201–202
    for performance, 226–227
pcap transport
    configuring, 154
    for isolated networks, 145–146
Performance
    bottlenecks in, 203, 208
    COW files for, 64
    memory for, 259–265
    PTRACE_FAULTINFO patch for, 227
    remap_file_pages for, 230–231
    in skas3 Mode, 198
    in SLIP transport, 144
    in small server setup, 208
    sysemu patch for, 226–227
Perl library, 185
Permissions
    in application-level clustering, 291
    for capabilities, 213
    for files, 106–110, 112
    for host setup, 95
    for security, 123
physdev module, 142
Physical memory, small server setup for, 206–208
pid file with jails, 222–223
PIDs (process IDs) for signals, 189
ping command, 58
    for bridging, 141
    for host setup, 90–91, 93–94
    for instances, 76–78
    for multicast networks, 158–160
    for network interfaces, 254, 256–257
    for TUN/TAP, 125–129, 133
    for uml_switch, 162–166
Pipes
    with hostfs, 108
    with humfs, 110
    with uml_switch, 153
Pluggable block devices, 87
Point-to-Point Protocol (PPP)
    for frames, 54
    for host setup, 88
PORT_CHAN option, 248
port device, 43
port-helper utility, 312
Ports
    consoles for, 41–45
    for multicast transport, 152
    with Slirp, 144
    for uml_switch, 162
PPP (Point-to-Point Protocol)
    for frames, 54
    for host setup, 88
ppp0 device, 92
PPPoE connections, 136
print statement, 13
Privileged contexts, 231
Privileges
    with jails, 220
    in virtual machines, 9
proc command, 176
    for files, 310
    process context for, 186
proc directory
    for cpu, 36–37, 219
    for diskstats, 261–264
    examining, 176
    for filesystems, 34–35, 102–103
    for guest scheduler, 295
    for interrupts, 35–36
    for mconsole, 187–188
    for memory. See meminfo command
    for mm, 199, 201
    for sysrq, 172
Process contexts, requests in, 186
Process IDs (PIDs) for signals, 189
process_kern.c file, 178
Processes, 18
    contexts for, 231
    in execution modes. See Execution modes
    jailed, 2–3
    listing, 29–30
    permissions for, 213
    virtual, 282–283
Processors, multiple, 243–244
procfs filesystem, 34
promisc flag for pcap, 154
Proxies for performance, 259
Proxy arp
    for host routing, 58
    for TUN/TAP, 128
ps command, 29–30
Pseudo-terminals, 79–81
PT_PROXY option, 242
ptrace
    gdb with, 242
    for intercepting system calls, 231
    in skas3 mode, 202
    in sysemu, 226
    in tt mode, 199
PTRACE_FAULTINFO patch, 200–202, 227
PTRACE_LDT option, 202
PTRACE_SWITCH_MM option, 199
pts device
    for consoles and serial lines, 42–44, 79–81
    with jails, 218–219
PTY_CHAN option, 248
pty device, 43
Pulavarty, Badari, 227

Q
Queries, MConsole, 168
    for Ctrl-Alt-Del handler, 171–172
    for forcing threads into contexts, 177–179
    for halting and rebooting instances, 169, 171
    for hardware configuration, 169–170
    for help, 179–180
    for logging to instance kernel log, 175
    for proc, 176
    for running commands, 180–182
    for sending interrupts, 179
    for stopping and restarting instances, 174–175
    for SysRq handler, 172–174
    for version, 168–169
quit command, 309
Quotas on hosts, 118

R
-r switch
    for screen, 204–205
    for ubd, 303
    for uname, 168
randconfig configurator, 238
random file, 247
Random numbers, 246–247
Raw data, disks As, 53–54
Read-only files, 64
Read-only locks, 68
Read-write locks, 68
Reading files, 113
readlinedevel package, 266
Readlinks, 113
Real-time clock, 245–246
Real-time tasks, 174
reboot command
    vs. cad, 171
    for instances, 169
    process context for, 186
    in uml_mconsole, 310
Rebooting instances, 169, 171
Registers, dumping, 174
remap_file_pages call, 230–231
Remote logins, 94
remove command
    for devices, 169
    process context for, 186
    in uml_mconsole, 310
Requests
    MConsole, 184–186
    web site, 284–285
Resizing filesystems, 118
resolv.conf file
    for host setup, 91–92
    for TUN/TAP, 132–133
respawn command, 82
Restarting instances, 174–175
Restoring timestamps, 70
root option, 302
Root privileges
    and capabilities, 213
    with jails, 220
    in virtual machines, 9
/rootfs switch for uml_moo, 71
route command and routing, 57
    for bridging, 138
    for host setup, 91
    for instances, 76–77
    for multicast networks, 158
    for network interfaces, 255
    for TUN/TAP. See TUN/TAP devices
    for uml_switch, 165
Running commands within instances, 180–182

S
s command in sysrq, 174
-s switch
    for screen, 204
    for ubd, 303
    for uname, 168
Scaling in application-level clustering, 294
Schedulers, guest, 295–297
schedulers file, 295–297
screen tool, 204–205
Searching file contents, 114
Secure mod_perl, 283–285
Security
    in application-level clustering, 293
    in bridging, 140
    in captive UML, 288–289
    for host setup, 93
    for large servers, 211
        configuration for, 212–216
        console, 223–225
        jailing instances, 216–223
        skas3 vs. skas0, 225–226
    for TUN/TAP devices, 129–132
Seekable host files, 53
Sending interrupts to instances, 179
Separate kernel address space mode. See skas (separate kernel address space) mode
Serial Line IP (SLIP)
    configuring, 150
    for frames, 54
    for host network access, 144
    for host setup, 88
Serial lines
    setting up, 40–47
    virtual, 79–82
Server consolidation, 8–10
servers. See Large server management; Small server setup
setuid files, 113–114
shadow_fs metadata format, 111–113
shadowfs file, 112
Shared memory for device emulation, 82
--showconfig option, 305
Shutting down, 59–60
SIGBUS signal, 207
SIGHUP signal, 189
SIGINT signal, 179, 189, 203
SIGIO signal, 36
SIGKILL signal, 173
Signals for instance management, 188–189
SIGSEGV signal, 195, 200–201
SIGTERM signal, 173, 189
SIGTSTP signal, 203
SIGWINCH signal, 36
Simulating hardware, 273–274
Single-System Image (SSI) cluster, 292–293
Size
    of backing files, 69
    in copying data into instances, 86
    of COW files, 65–66
    of filesystems, 118
skas (separate kernel address space) mode, 194–196
    enabling, 240
    skas0, 195–196
        with jails, 218
        vs. skas3, 225–226
        working with, 200–201
    skas3, 195–196
        with jails, 218
        vs. skas0, 225–226
        working with, 198–200
    for threads, 179
Slave UMLs, 80–81
SLIP (Serial Line IP)
    configuring, 150
    for frames, 54
    for host network access, 144
    for host setup, 88
Slirp networking emulator
    configuring, 150–151
    for host network access, 144–145
Small server setup, 191–192
    execution modes in, 194–196
        patches for, 201–202
        skas0, 200–201
        skas3, 198–200
        tt, 197–198
        Vanderpool and Pacifica, 202–203
    kernel version in, 192–194
    long-lived instances in, 203–205
    for memory, 206–208
    for networking, 206
    recommendations for, 209–210
    umid directories in, 209
SMP (Symmetric Multi-Processing), 197
SMP option, 243–244
Sniffers, 146
Sockets
    with hostfs, 107–108
    with humfs, 110
    in MConsole, 185
    notifications with, 188
    with uml_switch, 152–153
Solaris zones, 3
Source, downloading, 234–235
--sparse switch, 175
Specialized configurations, 251
    clusters, 265–273
    large numbers of devices
        memory, 257–265
        network interfaces, 251–257
Spoofing in bridging, 142
ssh command, 94–95
ssh keys, 181
ssh sessions, random numbers for, 246
SSI (Single-System Image) cluster, 292–293
SSL option, 248
SSL_CHAN option, 248
Stack, dumping, 174, 178
stack command, 177–179, 310
Standard application programming interface in captive UML, 289
STATIC_LINK option, 240–241
Static linking
    configuration option for, 240–241
    with jails, 218
stop command, 310
Stopping
    instances, 174–175
    virtual machines, 117
strace tool, 226
su with jails, 220
Subnets for instances, 76
Subsystems, virtualized, 295–298
superblock files, 111–112, 118
Swap space
    adding, 47–49
    with compartments, 297
    for instances, 26
    for jails, 223
    MADV_TRUNCATE for, 228
    partitions for, 52
    performance of, 259–265
swapoff command, 223
swapon command, 52, 223
switch command, 309
switch-tap option, 153
Switches
    for packets, 72
    virtual, 136
Symbolic links, 113
Symmetric Multi-Processing (SMP), 197
Synchronization
    clock, 28
    in sysrq, 174
Synchronous files, 115–117
sysemu patch, 226–227
sysrq command and SysRq handler
    for backups, 116–117
    invoking, 172–174
    MAGIC_SYSRQ for, 246
    in uml_mconsole, 310
sysrq file, 172
System call tracing, 212
System-level programming, 12
System memory savings, COW files for, 64

T
t command in sysrq, 174
-t switch
    for iptables, 92
    for tunctl, 124, 311
    for xterm, 302
-tap switch for uml_switch, 311
Tape drives for copying data into instances, 84–85
tar files
    for copying data into instances, 84–85
    copying into UML, 53
    length of, 87
    for moving backing files, 69
    for source, 235
Tasks
    killing, 173
    real-time, 174
tcpdump
    for multicast networks, 158–159
    with pcap, 145
    for TUN/TAP, 125–127, 131–132
    for uml_switch, 164–165
telnet, 43, 45–47
telnetd, 46
Terminal emulators, 302
Testing
    COW files for, 64
    testbeds for, 9–10
    TUN/TAP devices, 135–136
Threads
    in execution modes. See Execution modes
    forcing into contexts, 177–179
3_LEVEL_PGTABLES option, 245
Time to live (TTL) setting, 151–152
Timers
    listing, 35–36
    real-time clock for, 245–246
Timestamps, 69–70
Timing bugs, 13
tmp directory
    for bind mounts, 214–215
    copying files to, 67, 82
    for databases, 281
    for filesystems, 34, 103
    for jails, 219, 221
    for memory, 31–32, 206–207
    for processes, 106
tmpfs filesystem, 32, 34, 102, 207
Torvalds, Linus, 7
touch command, 70
Tracing thread (tt) mode, 194–196
    enabling, 240
    for threads, 178
    working in, 197–198
Traffic analysis tools, 146
Translation of filesystem requests, 104
Transports
    configuration options for, 247–248
    networking, 142–143
        configuring, 147–154
        for host network access, 143–145
        for isolated networks, 145–146
        selecting, 146–147
tt (tracing thread) mode, 194–196
    enabling, 240
    for threads, 178
    working in, 197–198
TTL (time to live) setting, 151–152
TTY_CHAN option, 248
tty_log_dir option, 305
tty_log_fd option, 305
tun file, 55, 57, 123
TUN/TAP devices, 35, 57
    bridging with, 136–142
    for frames, 54
    for host network access, 143
    in host setup, 88–90
    with routing, 121–122
        configuring, 122–124, 149
        connectivity in, 125–129
        DHCP for, 134–135
        for outside network access, 132–133
        security for, 129–132
        testing, 135–136
tunctl utility
    reference, 310–311
    working with, 122–124
tuntap command, 149

U
u command in sysrq, 174
-u switch for tunctl, 124, 311
ubd devices, 34
    advantages of, 119
    for filesystem access, 114–115
    image backup for, 117
    partitioning, 50
ubd option, 303
ubd0 file, 26
ubda switch for COW files, 62
ubdb file, 26
    for copying data into instances, 84–85
    for swap space, 48
udb option, 303
UID root, 109
UIDs (user IDs)
    in filesystem extensions, 118
    in ownership, 106–107
umid (unique machine ID), 42
umid directory
    with jails, 219
    process IDs in, 189
    in small server setup, 209
umid option, 304
uml.ctl socket, 152
uml_dir option, 305
uml_mconsole command, 182–183. See also Management Console (MConsole)
    for bridging, 138
    for copying data into instances, 84
    for devices, 43
    for host ports, 41–45
    for hosts, 87, 89
    for network devices, 56
    reference, 308–310
    for TUN/TAP device connectivity, 125
    for virtual serial lines, 80
uml_moo tool
    for merging COW files, 71
    reference, 308
UML_NET options, 247–248
uml_net utility, 125, 129–130, 312
UML_RANDOM option, 246–247
UML_REAL_TIME_CLOCK option, 245–246
uml_switch process, 148
    configuring, 152–154
    example, 160–166
    for isolated networks, 145
    reference, 311
UML_WATCHDOG option, 247, 312
uname command, 168
Unique machine ID (umid), 42
Unique machine id (umid) directory
    with jails, 219
    process IDs in, 189
    in small server setup, 209
UNIX sockets
    with hostfs, 107–108
    with humfs, 110
    in MConsole, 185
    with uml_switch, 152–153
-unix switch for uml_switch, 311
Unplugging devices, 169–170
Unprivileged contexts, 231
untar command, 53, 85
User IDs (UIDs)
    in filesystem extensions, 118
    in ownership, 106–107
User mode vs. kernel mode, 212
User notifications, 188
Utilities reference
    humfsify, 307–308
    internal, 312
    tunctl, 310–311
    uml_mconsole, 308–310
    uml_moo, 308
    uml_switch, 311

V
-v option for uname, 168
valgrind, 244
Vanderpool execution mode, 202–203
VCPU, 231
version command, 168–169, 309
--version option, 305
Version queries, 168–169
Virtual filesystems, 101–104
Virtual hardware configuration options, 246–247
Virtual machines, purpose of, 3–4
Virtual memory, 230–231
Virtual operating systems, 2
Virtual Private Networks (VPNs), 89
Virtual processes, 282–283
Virtual processors, 243–244
Virtual serial lines, 79–82
Virtual switches, 136
Virtualized subsystems, 295–298
vmalloc space, 258
vmlinux file, 249–250
vmlinuz file, 249
VMWare technology, 2–3
VPNs (Virtual Private Networks), 89
vserver project, 2
vtund, 89

W
WATCHDOG option, 247
Web site requests, 284–285
wget
    for connectivity, 74
    for host setup, 94
winch interrupt, 36
Wright, Chris, 234
Write-protecting hostfs directories, 216

X
X11 utilities, 96
Xauthority application, 95
.Xauthority file, 95
xconfig configurator, 235–237
xdpyinfo, 96
Xen technology, 2–3
xhost application, 95, 98
xload, 96
Xnest, 96–99
xorg-x11-tools package, 96n
xterm option, 43–44, 96, 302
XTERM_CHAN option, 248
xterm windows, 29

Z
Zones, Solaris, 3
