🥇How to start using User Mode in Linux

Introduction from the translator: With various types of containers becoming a massive part of our lives, it can be quite interesting and useful to learn about the technologies that started it all. Some of them can still be usefully used today, but not everyone remembers them (or knows about them, if they weren't around during their rapid development). One such technology is User Mode. LinuxThe original author did a fair amount of digging, figuring out which old practices still work and which don't, and put together something like a step-by-step guide on how to create your own homegrown UML in 2k19. And yes, we've invited the original author to Habr. Clear, so if you have any questions - ask in English in the comments.

User Mode in Linux - this is, in fact, a kernel port Linux on itself. This mode allows you to run a full-fledged kernel Linux as a user process and is typically used by developers for driver testing. However, this mode is also useful as a general isolation tool, similar in principle to how virtual machines work. This mode provides greater isolation than Docker, but less than a full-fledged virtual machine like KVM or Virtual Box.

Overall, User Mode may seem like a strange and difficult-to-use tool, but it does have its uses. After all, it's a full-fledged Linux- a kernel running as an unprivileged user. This feature allows potentially untrusted code to run without any threat to the host machine. And since it's a full-fledged kernel, its processes are isolated from the host machine, meaning processes running inside User Mode will not be visible to the host. This is not like the usual Docker container, in which case the host machine always sees the processes inside the repository. Look at this piece of pstree from one of my servers:

containerd─┬─containerd-shim─┬─tini─┬─dnsd───19*[{dnsd}]
           │                 │      └─s6-svscan───s6-supervise
           │                 └─10*[{containerd-shim}]
           ├─containerd-shim─┬─tini─┬─aerial───21*[{aerial}]
           │                 │      └─s6-svscan───s6-supervise
           │                 └─10*[{containerd-shim}]
           ├─containerd-shim─┬─tini─┬─s6-svscan───s6-supervise
           │                 │      └─surl
           │                 └─9*[{containerd-shim}]
           ├─containerd-shim─┬─tini─┬─h───13*[{h}]
           │                 │      └─s6-svscan───s6-supervise
           │                 └─10*[{containerd-shim}]
           ├─containerd-shim─┬─goproxy───14*[{goproxy}]
           │                 └─9*[{containerd-shim}]
           └─32*[{containerd}]

And compare this with the kernel's pstree Linux in User Mode:

linux─┬─5*[linux]
      └─slirp

When working with Docker containers, I can see the names of the processes running in the guest system from the host. Linux User Mode is impossible. What does this mean? It means that monitoring tools that work through the audit subsystem Linux (Linux's auditing subsystem) do not see processes running in the guest system. But in some situations, this feature can become a double-edged sword.

In general, the entire post below is a collection of research and rough attempts to achieve the desired result. To do this, I had to use various ancient tools, read the kernel sources, do intensive debugging of code written in the days when I was still in elementary school, and also tinker with Heroku builds using a special binary to find the tools I needed. All this work led the guys on my IRC to call me magic. I hope this post serves as reliable documentation for someone to try the same thing with newer kernels and OS versions.

Setting

Setting Linux User Mode is performed in several stages:

installing dependencies on the host;
downloading the kernel Linux;
kernel build configuration;
kernel assembly;
binary installation;
configuring the guest file system;
selection of kernel launch parameters;
setting up a guest network;
starting the guest kernel.

I assume that if you decide to do all this yourself, you will most likely do everything described in some Ubuntu or Debian-like system. I tried to implement everything described above in my favorite distribution, Alpine, but nothing worked, apparently because the kernel Linux has a hard link to glibc-isms for user mode drivers. I plan to report this to upstream after I fully understand the issue.

Installing dependencies on the host

Ubuntu requires at least the following packages to build the kernel Linux (assuming a clean installation):

- 'build-essential' - 'flex' - 'bison' - 'xz-utils' - 'wget' - 'ca-certificates' - 'bc' - 'linux-headers'

You can install them with the following command (as root or with sudo):

apt-get -y install build-essential flex bison xz-utils wget ca-certificates bc 
                   linux-headers-$(uname -r)

Please note that running the kernel menu setup program Linux will require installation libncurses-dev. Please make sure it is installed with the following command (as root or with sudo):

apt-get -y install libncurses-dev

Kernel download

Decide where to download and then build the kernel. For this operation, you will need to allocate about 1,3 GB of hard disk space, so make sure you have it.

After go to kernel.org and get the URL to download the latest stable kernel. At the time of writing this is: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.xz

Download this file using 'wget':

wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.xz

And extract it with 'tar':

tar xJf linux-5.1.16.tar.xz

Now we enter the directory created when unpacking the tarball:

cd linux-5.1.16

Kernel build setup

The kernel build system is a set Makefiles с many custom tools and scripts to automate the process. First, open the interactive setup program:

make ARCH=um menuconfig

It will partially build and display a dialog box for you. When '[Select]', you will be able to configure using the Space or Enter keys. Navigate the window, as usual, with the keyboard arrows "up" and "down", and select elements - "left" or "right".

The view pointer —> means that you are in a submenu, accessed by pressing the Enter key. The way out of it is obviously through '[Exit]'.

Include the following options in '[Select]' and make sure they have a '[*]' next to them:

UML-specific Options:
  - Host filesystem
Networking support (enable this to get the submenu to show up):
  - Networking options:
    - TCP/IP Networking
UML Network devices:
  - Virtual network device
  - SLiRP transport

That's it, you can exit this window by successively selecting '[Exit]'. Just make sure you are prompted to save the configuration at the end and select '[Yes]'.

I recommend that you play around with the kernel build options after reading this post. Through these experiments, you can learn a lot in terms of understanding the work of low-level kernel mechanics and the impact of various flags on its assembly.

Building the kernel

Core Linux It's a large program that does a lot of things. Even with this minimal configuration, building it on older hardware can take quite a while. Therefore, build the kernel using the following command:

make ARCH=um -j$(nproc)

For what? This command will tell our builder to use all available CPU cores and threads in the build process. Team $(nproc) at the end of Build substitutes the output of the command nproc, which is part of coreutils in standard assembly Ubuntu.

After some time, our kernel will be compiled into an executable file ./linux.

Installing the binary

Since User Mode is in Linux It creates a regular binary, so you can install it like any other utility. Here's how I did it:

mkdir -p ~/bin
cp linux ~/bin/linux

It is also worth making sure that ~/bin is in your $PATH:

export PATH=$PATH:$HOME/bin

Setting up the guest file system

Create a directory for the guest filesystem:

mkdir -p $HOME/prefix/uml-demo
cd $HOME/prefix

Open alpinelinux.org and in download section find the actual download link MINI ROOT FILESYSTEM. At the time of writing this was:

http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gz

Download this tarball using wget:

wget -O alpine-rootfs.tgz http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gz

Now enter the directory of the guest file system and extract the archive:

cd uml-demo
tar xf ../alpine-rootfs.tgz

The described actions will create a small file system template. Due to the nature of the system, it will be extremely difficult to install packages through the Alpine apk manager. But this FS will be enough to evaluate the general idea.

We also need a tool tini to curb memory consumption zombie processes our guest kernel.

wget -O tini https://github.com/krallin/tini/releases/download/v0.18.0/tini-static
chmod +x tini

Creating a kernel command line

In the core Linux, like most other programs, there are command line arguments that can be accessed by specifying the key --help.

Himself —help

linux --help
User Mode Linux v5.1.16
        available at http://user-mode-linux.sourceforge.net/

--showconfig
    Prints the config file that this UML binary was generated from.

iomem=<name>,<file>
    Configure <file> as an IO memory region named <name>.

mem=<Amount of desired ram>
    This controls how much "physical" memory the kernel allocates
    for the system. The size is specified as a number followed by
    one of 'k', 'K', 'm', 'M', which have the obvious meanings.
    This is not related to the amount of memory in the host.  It can
    be more, and the excess, if it's ever used, will just be swapped out.
        Example: mem=64M

--help
    Prints this message.

debug
    this flag is not needed to run gdb on UML in skas mode

root=<file containing the root fs>
    This is actually used by the generic kernel in exactly the same
    way as in any other kernel. If you configure a number of block
    devices and want to boot off something other than ubd0, you
    would use something like:
        root=/dev/ubd5

--version
    Prints the version number of the kernel.

umid=<name>
    This is used to assign a unique identity to this UML machine and
    is used for naming the pid file and management console socket.

con[0-9]*=<channel description>
    Attach a console or serial line to a host channel.  See
    http://user-mode-linux.sourceforge.net/old/input.html for a complete
    description of this switch.

eth[0-9]+=<transport>,<options>
    Configure a network device.
    
aio=2.4
    This is used to force UML to use 2.4-style AIO even when 2.6 AIO is
    available.  2.4 AIO is a single thread that handles one request at a
    time, synchronously.  2.6 AIO is a thread which uses the 2.6 AIO
    interface to handle an arbitrary number of pending requests.  2.6 AIO
    is not available in tt mode, on 2.4 hosts, or when UML is built with
    /usr/include/linux/aio_abi.h not available.  Many distributions don't
    include aio_abi.h, so you will need to copy it from a kernel tree to
    your /usr/include/linux in order to build an AIO-capable UML

nosysemu
    Turns off syscall emulation patch for ptrace (SYSEMU).
    SYSEMU is a performance-patch introduced by Laurent Vivier. It changes
    behaviour of ptrace() and helps reduce host context switch rates.
    To make it work, you need a kernel patch for your host, too.
    See http://perso.wanadoo.fr/laurent.vivier/UML/ for further
    information.

uml_dir=<directory>
    The location to place the pid and umid files.

quiet
    Turns off information messages during boot.

hostfs=<root dir>,<flags>,...
    This is used to set hostfs parameters.  The root directory argument
    is used to confine all hostfs mounts to within the specified directory
    tree on the host.  If this isn't specified, then a user inside UML can
    mount anything on the host that's accessible to the user that's running
    it.
    The only flag currently supported is 'append', which specifies that all
    files opened by hostfs will be opened in append mode.

This panel highlights the main parameters of the launch. Let's run the kernel with the minimum required set of options:

linux 
  root=/dev/root 
  rootfstype=hostfs 
  rootflags=$HOME/prefix/uml-demo 
  rw 
  mem=64M 
  init=/bin/sh

The lines above tell our kernel the following:

Assume the root filesystem is a pseudo device /dev/root.
Choose hostfs as a root filesystem driver.
Mount the guest filesystem we created on the root device.
And yes, in read-write mode.
Use only 64 MB of RAM (you can use much less depending on what you plan to do, but 64 MB seems like the optimal amount).
The kernel automatically starts /bin/sh How init-process.

Run this command and you should get something like the following:

One more sheet

Core dump limits :
        soft - 0
        hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking environment variables for a tempdir...none found
Checking if /dev/shm is on tmpfs...OK
Checking PROT_EXEC mmap in /dev/shm...OK
Adding 32137216 bytes to physical memory to account for exec-shield gap
Linux version 5.1.16 (cadey@kahless) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #30 Sun Jul 7 18:57:19 UTC 2019
Built 1 zonelists, mobility grouping on.  Total pages: 23898
Kernel command line: root=/dev/root rootflags=/home/cadey/dl/uml/alpine rootfstype=hostfs rw mem=64M init=/bin/sh
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode-cache hash table entries: 8192 (order: 4, 65536 bytes)
Memory: 59584K/96920K available (2692K kernel code, 708K rwdata, 588K rodata, 104K init, 244K bss, 37336K reserved, 0K cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS: 15
clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns
Calibrating delay loop... 7479.29 BogoMIPS (lpj=37396480)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Mountpoint-cache hash table entries: 512 (order: 0, 4096 bytes)
Checking that host ptys support output SIGIO...Yes
Checking that host ptys support SIGIO on close...No, enabling workaround
devtmpfs: initialized
random: get_random_bytes called from setup_net+0x48/0x1e0 with crng_init=0
Using 2.6 host AIO
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: 0, 6144 bytes)
NET: Registered protocol family 16
clocksource: Switched to clocksource timer
NET: Registered protocol family 2
tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes)
TCP established hash table entries: 1024 (order: 1, 8192 bytes)
TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
UDP hash table entries: 256 (order: 1, 8192 bytes)
UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
NET: Registered protocol family 1
console [stderr0] disabled
mconsole (version 2) initialized on /home/cadey/.uml/tEwIjm/mconsole
Checking host MADV_REMOVE support...OK
workingset: timestamp_bits=62 max_order=14 bucket_order=0
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered (default)
io scheduler bfq registered
loop: module loaded
NET: Registered protocol family 17
Initialized stdio console driver
Using a channel type which is configured out of UML
setup_one_line failed for device 1 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 2 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 3 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 4 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 5 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 6 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 7 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 8 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 9 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 10 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 11 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 12 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 13 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 14 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 15 : Configuration failed
Console initialized on /dev/tty0
console [tty0] enabled
console [mc-1] enabled
Failed to initialize ubd device 0 :Couldn't determine size of device's file
VFS: Mounted root (hostfs filesystem) on device 0:11.
devtmpfs: mounted
This architecture does not have kernel memory protection.
Run /bin/sh as init process
/bin/sh: can't access tty; job control turned off
random: fast init done
/ #

The manipulations above will give us guest system at minimum, without things like /proc or assigned hostname. For example, try the following commands:

- uname -av - cat /proc/self/pid - hostname

To log out of the guest, type exit or press control-d. This will kill the shell followed by a kernel panic:

/ # exit
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000000
fish: “./linux root=/dev/root rootflag…” terminated by signal SIGABRT (Abort)

We got this kernel panic because the kernel Linux assumes that the initialization process is always running. Without it, the system can no longer function and terminates. But since this is a user-mode process, the resulting output sends itself to SIGABRT, which results in an output.

Guest network setup

But here's where things start to go wrong. Network in User Mode Linux — this is where the whole concept of a limited "user mode" begins to fall apart. After all, at the system level, the network is usually limited. privileged execution modes for all of us understandable reasons.

Note. per .: you can read more about the different options for working with a network in UML here.

Journey to Slirp

However, there is an ancient and almost unsupported tool called Slirp, with the help of which User Mode Linux can interact with the network. It works somewhat like a stack TCP/IP at the user level and does not require any system permissions to run. This tool was released in 1995, and the latest update is dated 2006 year. Slirp is very old. During the time without support and updates, compilers have gone so far that now this tool can only be described as code rot.

So, let's download Slirp from the repositories. Ubuntu and let's try to run it:

sudo apt-get install slirp
/usr/bin/slirp
Slirp v1.0.17 (BETA)

Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.

IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)

Type five zeroes (0) to exit.

[autodetect SLIP/CSLIP, MTU 1500, MRU 1500, 115200 baud]

SLiRP Ready ...
fish: “/usr/bin/slirp” terminated by signal SIGSEGV (Address boundary error)

Oh gods. Let's install Slirp's debugger and see if we can figure out what's going on here:

sudo apt-get install gdb slirp-dbgsym
gdb /usr/bin/slirp
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/slirp...Reading symbols from /usr/lib/debug/.build-id/c6/2e75b69581a1ad85f72ac32c0d7af913d4861f.debug...done.
done.
(gdb) run
Starting program: /usr/bin/slirp
Slirp v1.0.17 (BETA)

Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.

IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)

Type five zeroes (0) to exit.

[autodetect SLIP/CSLIP, MTU 1500, MRU 1500, 115200 baud]

SLiRP Ready ...

Program received signal SIGSEGV, Segmentation fault.
                                                    ip_slowtimo () at ip_input.c:457
457     ip_input.c: No such file or directory.

The error beats in us this line. Let's look at the stacktrace, maybe something will help us there:

(gdb) bt full
#0  ip_slowtimo () at ip_input.c:457
        fp = 0x55784a40
#1  0x000055555556a57c in main_loop () at ./main.c:980
        so = <optimized out>
        so_next = <optimized out>
        timeout = {tv_sec = 0, tv_usec = 0}
        ret = 0
        nfds = 0
        ttyp = <optimized out>
        ttyp2 = <optimized out>
        best_time = <optimized out>
        tmp_time = <optimized out>
#2  0x000055555555b116 in main (argc=1, argv=0x7fffffffdc58) at ./main.c:95
No locals.

Here we see that the crash happens during the main loop start when slirp tries to check for timeouts. At this point, I had to give up trying to debug. But let's see if Slirp built from sorts works. I re-downloaded the archive directly from the site Sourceforge, because dragging something from there through the command line is a pain:

cd ~/dl
wget https://xena.greedo.xeserv.us/files/slirp-1.0.16.tar.gz
tar xf slirp-1.0.16.tar.gz
cd slirp-1.0.16/src
./configure --prefix=$HOME/prefix/slirp
make

Here we see alerts about undefined built-in functions, that is, about the inability to link the resulting binary file. It appears that between 2006 and this point, gcc stopped producing symbols used in built-in functions of intermediate compiled files. Let's try to replace the keyword inline on an empty comment and look at the result:

vi slirp.h
:6
a
<enter>
#define inline /**/
<escape>
:wq
make

Nope. This doesn't work either. Still can't find symbols for these functions.

At this point, I gave up and started looking on Github Heroku build packages. My theory was that some Heroku build package would contain the binaries I needed. In the end, the search led me here here. I downloaded and unpacked uml.tar.gz and found the following:

total 6136
-rwxr-xr-x 1 cadey cadey   79744 Dec 10  2017 ifconfig*
-rwxr-xr-x 1 cadey cadey     373 Dec 13  2017 init*
-rwxr-xr-x 1 cadey cadey  149688 Dec 10  2017 insmod*
-rwxr-xr-x 1 cadey cadey   66600 Dec 10  2017 route*
-rwxr-xr-x 1 cadey cadey  181056 Jun 26  2015 slirp*
-rwxr-xr-x 1 cadey cadey 5786592 Dec 15  2017 uml*
-rwxr-xr-x 1 cadey cadey     211 Dec 13  2017 uml_run*

This is the slirp binary! Does he work?

./slirp
Slirp v1.0.17 (BETA) FULL_BOLT

Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.

IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)

Type five zeroes (0) to exit.

[autodetect SLIP/CSLIP, MTU 1500, MRU 1500]

SLiRP Ready ...

Doesn't crash - so it should work! Let's plant this binary in ~/bin/slirp:

cp slirp ~/bin/slirp

In case the package creator removes it, I made a mirror.

Network configuration

Now let's set up the network on our guest kernel. Update launch options:

linux 
  root=/dev/root 
  rootfstype=hostfs 
  rootflags=$HOME/prefix/uml-demo 
  rw 
  mem=64M 
  eth0=slirp,,$HOME/bin/slirp 
  init=/bin/sh

Now let's turn on the network:

mount -t proc proc proc/
mount -t sysfs sys sys/

ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
route add default gw 10.0.2.2

The first two configuration commands /proc и /sys necessary for work ifconfig, which sets the network interface to communicate with Slirp. Team route sets the kernel routing table to force all traffic to be sent through the Slirp tunnel. Let's check this with a DNS query:

nslookup google.com 8.8.8.8
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      google.com
Address 1: 172.217.12.206 lga25s63-in-f14.1e100.net
Address 2: 2607:f8b0:4006:81b::200e lga25s63-in-x0e.1e100.net

Works!

Note per .: Apparently, the original post was written on a desktop with a wired network card, or some other configuration that did not require additional drivers. On a laptop with WiFi 8265 from Intel, an error occurs when raising the network

/ # ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
slirp_tramp failed - errno = 2
ifconfig: ioctl 0x8914 failed: No such file or directory
/ #

Apparently, the kernel cannot communicate with the network card driver. An attempt to compile the firmware into the kernel, unfortunately, did not fix the situation. At the time of publication, it was not possible to find a solution in this configuration. On simpler configs (for example, in Virtualbox), the interface rises correctly.

Let's automate the redirect with the following shell script:

#!/bin/sh
# init.sh

mount -t proc proc proc/
mount -t sysfs sys sys/
ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
route add default gw 10.0.2.2

echo "networking set up"

exec /tini /bin/sh

And mark it executable:

chmod +x init.sh

And then we will make changes to the kernel command line:

linux 
  root=/dev/root 
  rootfstype=hostfs 
  rootflags=$HOME/prefix/uml-demo 
  rw 
  mem=64M 
  eth0=slirp,,$HOME/bin/slirp 
  init=/init.sh

And let's repeat:

SLiRP Ready ...
networking set up
/bin/sh: can't access tty; job control turned off

nslookup google.com 8.8.8.8
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      google.com
Address 1: 172.217.12.206 lga25s63-in-f14.1e100.net
Address 2: 2607:f8b0:4004:800::200e iad30s09-in-x0e.1e100.net

The network is stable!

docker file

To make it easier for you to check all this, I have collected Dockerfile, which automates most of the steps described and should give you a working configuration. I also have preconfigured kernel, which has everything that is described in the post. But it is important to understand that here I have outlined only the minimum setting.

I hope this post helped you understand how to get a guest kernel up and running. It's a bit of a monster, but the intention was to provide a comprehensive guide on building, installing, and configuring User Mode. Linux under modern versions of operating systems of this family. Subsequent steps should include installing services and other software within the guest system. Since Docker container images are simply hyped-up tarballs, you should be able to extract the image via docker export, and then determine its installation path in the root of the guest kernel's file system. Well, then execute the shell script.

Special thanks to Rkeene from #lobsters on Freenode. Without his help debugging Slirp, I wouldn't have gotten this far. I have no idea how his Slackware system works correctly with slirp, but my systems do. Ubuntu and Alpine didn't accept slirp and the binary Rkeene offered me. But it's enough for me that at least something works.

Source: habr.com