Introduction from the translator: Against the backdrop of the massive entry into our lives of various kinds of containers, it can be quite interesting and useful to find out with what technologies it all started once. Some of them can be usefully used to this day, but not everyone remembers such methods (or knows if they were not caught during their rapid development). One such technology is User Mode Linux. The author of the original did a lot of digging, figuring out which of the old developments still work and which do not, and put together something like a step-by-step instruction on how to get yourself a homebrew UML in 2k19. And yes, we invited the author of the original post to Habr , so if you have any questions - ask in English in the comments.
User Mode in Linux is, in fact, a port of the Linux kernel to itself. This mode allows you to run a full Linux kernel as a user process and is commonly used by developers to test drivers. But this mode is also useful as a general isolation tool, the principle of which is similar to the operation of virtual machines. This mode provides more isolation than Docker, but less than a full-fledged virtual machine like KVM or Virtual Box.
In general, User Mode may seem like a strange and difficult tool to use, but it still has its uses. After all, this is a full-fledged Linux kernel running from an unprivileged user. This feature allows potentially untrusted code to run without any threat to the host machine. And since this is a full-fledged kernel, its processes are isolated from the host machine, that is processes running inside User Mode will not be visible to the host. This is not like the usual Docker container, in which case the host machine always sees the processes inside the repository. Look at this piece of pstree from one of my servers:
containerd─┬─containerd-shim─┬─tini─┬─dnsd───19*[{dnsd}]
│ │ └─s6-svscan───s6-supervise
│ └─10*[{containerd-shim}]
├─containerd-shim─┬─tini─┬─aerial───21*[{aerial}]
│ │ └─s6-svscan───s6-supervise
│ └─10*[{containerd-shim}]
├─containerd-shim─┬─tini─┬─s6-svscan───s6-supervise
│ │ └─surl
│ └─9*[{containerd-shim}]
├─containerd-shim─┬─tini─┬─h───13*[{h}]
│ │ └─s6-svscan───s6-supervise
│ └─10*[{containerd-shim}]
├─containerd-shim─┬─goproxy───14*[{goproxy}]
│ └─9*[{containerd-shim}]
└─32*[{containerd}]And compare this to the pstree of the Linux kernel in User Mode:
linux─┬─5*[linux]
└─slirpWhen working with Docker containers, I can see from the host the names of the processes that are running in the guest. With Linux User Mode, this is not possible. What does it mean? This means that monitoring tools that run through Linux's auditing subsystem do not see processes running in the guest system. But in some situations, this feature can become a double-edged sword.
In general, the entire post below is a collection of research and rough attempts to achieve the desired result. To do this, I had to use various ancient tools, read the kernel sources, do intensive debugging of code written in the days when I was still in elementary school, and also tinker with Heroku builds using a special binary to find the tools I needed. All this work led the guys on my IRC to call me magic. I hope this post serves as reliable documentation for someone to try the same thing with newer kernels and OS versions.
Setting
Setting up Linux User Mode is done in several steps:
- installing dependencies on the host;
- downloading the Linux kernel;
- kernel build configuration;
- kernel assembly;
- binary installation;
- configuring the guest file system;
- selection of kernel launch parameters;
- setting up a guest network;
- starting the guest kernel.
I assume that if you decide to do it yourself, you will most likely do everything described in some Ubuntu or Debian-like system. I tried to implement all of the above in my favorite distribution - Alpine, but nothing came of it, apparently due to the fact that the Linux kernel has a hard-binding glibc-isms for drivers in User Mode. I plan to report this to upstream after I finally understand the problem.
Installing dependencies on the host
Ubuntu requires at least the following packages to build the Linux kernel (assuming a clean install):
- 'build-essential'
- 'flex'
- 'bison'
- 'xz-utils'
- 'wget'
- 'ca-certificates'
- 'bc'
- 'linux-headers'
You can install them with the following command (as root or with sudo):
apt-get -y install build-essential flex bison xz-utils wget ca-certificates bc
linux-headers-$(uname -r)
Note that running the Linux kernel menu setup program will require the installation of libncurses-dev. Please make sure it is installed with the following command (as root or with sudo):
apt-get -y install libncurses-devKernel download
Decide where to download and then build the kernel. For this operation, you will need to allocate about 1,3 GB of hard disk space, so make sure you have it.
After go to and get the URL to download the latest stable kernel. At the time of writing this is:
Download this file using 'wget':
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.xz
And extract it with 'tar':
tar xJf linux-5.1.16.tar.xzNow we enter the directory created when unpacking the tarball:
cd linux-5.1.16Kernel build setup
The kernel build system is a set с many custom tools and scripts to automate the process. First, open the interactive setup program:
make ARCH=um menuconfig
It will partially build and display a dialog box for you. When '[Select]', you will be able to configure using the Space or Enter keys. Navigate the window, as usual, with the keyboard arrows "up" and "down", and select elements - "left" or "right".
The view pointer —> means that you are in a submenu, accessed by pressing the Enter key. The way out of it is obviously through '[Exit]'.
Include the following options in '[Select]' and make sure they have a '[*]' next to them:
UML-specific Options:
- Host filesystem
Networking support (enable this to get the submenu to show up):
- Networking options:
- TCP/IP Networking
UML Network devices:
- Virtual network device
- SLiRP transport
That's it, you can exit this window by successively selecting '[Exit]'. Just make sure you are prompted to save the configuration at the end and select '[Yes]'.
I recommend that you play around with the kernel build options after reading this post. Through these experiments, you can learn a lot in terms of understanding the work of low-level kernel mechanics and the impact of various flags on its assembly.
Building the kernel
The Linux kernel is a big program that does a lot of things. Even with such a minimal configuration on old hardware, it can take quite a while to build. So build the kernel with the following command:
make ARCH=um -j$(nproc)
For what? This command will tell our builder to use all available CPU cores and threads in the build process. Team $(nproc) at the end of Build substitutes the output of the command nproc, which is part of coreutils in a standard Ubuntu build.
After some time, our kernel will be compiled into an executable file ./linux.
Installing the binary
Since User Mode in Linux creates a regular binary, you can install it like any other utility. Here's how I did it:
mkdir -p ~/bin
cp linux ~/bin/linux
It is also worth making sure that ~/bin is in your $PATH:
export PATH=$PATH:$HOME/binSetting up the guest file system
Create a directory for the guest filesystem:
mkdir -p $HOME/prefix/uml-demo
cd $HOME/prefix
Open alpinelinux.org and in find the actual download link MINI ROOT FILESYSTEM. At the time of writing this was:
http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gzDownload this tarball using wget:
wget -O alpine-rootfs.tgz http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gzNow enter the directory of the guest file system and extract the archive:
cd uml-demo
tar xf ../alpine-rootfs.tgzThe described actions will create a small file system template. Due to the nature of the system, it will be extremely difficult to install packages through the Alpine apk manager. But this FS will be enough to evaluate the general idea.
We also need a tool to curb memory consumption our guest kernel.
wget -O tini https://github.com/krallin/tini/releases/download/v0.18.0/tini-static
chmod +x tiniCreating a kernel command line
The Linux kernel, like most other programs, has command-line arguments that can be accessed by specifying the key --help.
Himself —help
linux --help
User Mode Linux v5.1.16
available at http://user-mode-linux.sourceforge.net/
--showconfig
Prints the config file that this UML binary was generated from.
iomem=<name>,<file>
Configure <file> as an IO memory region named <name>.
mem=<Amount of desired ram>
This controls how much "physical" memory the kernel allocates
for the system. The size is specified as a number followed by
one of 'k', 'K', 'm', 'M', which have the obvious meanings.
This is not related to the amount of memory in the host. It can
be more, and the excess, if it's ever used, will just be swapped out.
Example: mem=64M
--help
Prints this message.
debug
this flag is not needed to run gdb on UML in skas mode
root=<file containing the root fs>
This is actually used by the generic kernel in exactly the same
way as in any other kernel. If you configure a number of block
devices and want to boot off something other than ubd0, you
would use something like:
root=/dev/ubd5
--version
Prints the version number of the kernel.
umid=<name>
This is used to assign a unique identity to this UML machine and
is used for naming the pid file and management console socket.
con[0-9]*=<channel description>
Attach a console or serial line to a host channel. See
http://user-mode-linux.sourceforge.net/old/input.html for a complete
description of this switch.
eth[0-9]+=<transport>,<options>
Configure a network device.
aio=2.4
This is used to force UML to use 2.4-style AIO even when 2.6 AIO is
available. 2.4 AIO is a single thread that handles one request at a
time, synchronously. 2.6 AIO is a thread which uses the 2.6 AIO
interface to handle an arbitrary number of pending requests. 2.6 AIO
is not available in tt mode, on 2.4 hosts, or when UML is built with
/usr/include/linux/aio_abi.h not available. Many distributions don't
include aio_abi.h, so you will need to copy it from a kernel tree to
your /usr/include/linux in order to build an AIO-capable UML
nosysemu
Turns off syscall emulation patch for ptrace (SYSEMU).
SYSEMU is a performance-patch introduced by Laurent Vivier. It changes
behaviour of ptrace() and helps reduce host context switch rates.
To make it work, you need a kernel patch for your host, too.
See http://perso.wanadoo.fr/laurent.vivier/UML/ for further
information.
uml_dir=<directory>
The location to place the pid and umid files.
quiet
Turns off information messages during boot.
hostfs=<root dir>,<flags>,...
This is used to set hostfs parameters. The root directory argument
is used to confine all hostfs mounts to within the specified directory
tree on the host. If this isn't specified, then a user inside UML can
mount anything on the host that's accessible to the user that's running
it.
The only flag currently supported is 'append', which specifies that all
files opened by hostfs will be opened in append mode.This panel highlights the main parameters of the launch. Let's run the kernel with the minimum required set of options:
linux
root=/dev/root
rootfstype=hostfs
rootflags=$HOME/prefix/uml-demo
rw
mem=64M
init=/bin/shThe lines above tell our kernel the following:
- Assume the root filesystem is a pseudo device
/dev/root. - Choose as a root filesystem driver.
- Mount the guest filesystem we created on the root device.
- And yes, in read-write mode.
- Use only 64 MB of RAM (you can use much less depending on what you plan to do, but 64 MB seems like the optimal amount).
- The kernel automatically starts
/bin/shHowinit-process.
Run this command and you should get something like the following:
One more sheet
Core dump limits :
soft - 0
hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking environment variables for a tempdir...none found
Checking if /dev/shm is on tmpfs...OK
Checking PROT_EXEC mmap in /dev/shm...OK
Adding 32137216 bytes to physical memory to account for exec-shield gap
Linux version 5.1.16 (cadey@kahless) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #30 Sun Jul 7 18:57:19 UTC 2019
Built 1 zonelists, mobility grouping on. Total pages: 23898
Kernel command line: root=/dev/root rootflags=/home/cadey/dl/uml/alpine rootfstype=hostfs rw mem=64M init=/bin/sh
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode-cache hash table entries: 8192 (order: 4, 65536 bytes)
Memory: 59584K/96920K available (2692K kernel code, 708K rwdata, 588K rodata, 104K init, 244K bss, 37336K reserved, 0K cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS: 15
clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns
Calibrating delay loop... 7479.29 BogoMIPS (lpj=37396480)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Mountpoint-cache hash table entries: 512 (order: 0, 4096 bytes)
Checking that host ptys support output SIGIO...Yes
Checking that host ptys support SIGIO on close...No, enabling workaround
devtmpfs: initialized
random: get_random_bytes called from setup_net+0x48/0x1e0 with crng_init=0
Using 2.6 host AIO
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: 0, 6144 bytes)
NET: Registered protocol family 16
clocksource: Switched to clocksource timer
NET: Registered protocol family 2
tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes)
TCP established hash table entries: 1024 (order: 1, 8192 bytes)
TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
UDP hash table entries: 256 (order: 1, 8192 bytes)
UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
NET: Registered protocol family 1
console [stderr0] disabled
mconsole (version 2) initialized on /home/cadey/.uml/tEwIjm/mconsole
Checking host MADV_REMOVE support...OK
workingset: timestamp_bits=62 max_order=14 bucket_order=0
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered (default)
io scheduler bfq registered
loop: module loaded
NET: Registered protocol family 17
Initialized stdio console driver
Using a channel type which is configured out of UML
setup_one_line failed for device 1 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 2 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 3 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 4 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 5 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 6 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 7 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 8 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 9 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 10 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 11 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 12 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 13 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 14 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 15 : Configuration failed
Console initialized on /dev/tty0
console [tty0] enabled
console [mc-1] enabled
Failed to initialize ubd device 0 :Couldn't determine size of device's file
VFS: Mounted root (hostfs filesystem) on device 0:11.
devtmpfs: mounted
This architecture does not have kernel memory protection.
Run /bin/sh as init process
/bin/sh: can't access tty; job control turned off
random: fast init done
/ # The manipulations above will give us guest system at minimum, without things like /proc or assigned hostname. For example, try the following commands:
- uname -av
- cat /proc/self/pid
- hostname
To log out of the guest, type exit or press control-d. This will kill the shell followed by a kernel panic:
/ # exit
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000000
fish: “./linux root=/dev/root rootflag…” terminated by signal SIGABRT (Abort)
We got this kernel panic because the Linux kernel thinks the initialization process is always running. Without it, the system can no longer function and crashes. But since this is a user-mode process, the resulting output sends itself to SIGABRT, which results in an output.
Guest network setup
And this is where things start to go wrong. Networking in User Mode Linux is where the whole concept of limited "user mode" starts to fall apart. After all, usually at the system level, the network is limited privileged execution modes for all of us understandable reasons.
Note. per .: you can read more about the different options for working with a network in UML .
Journey to Slirp
However, there is an ancient and almost unsupported tool called , with which User Mode Linux can interact with the network. It works much like a user-level TCP/IP stack and doesn't require any system permissions to run. This tool was released in 1995, and the latest update is dated 2006 year. Slirp is very old. During the time without support and updates, compilers have gone so far that now this tool can only be described as .
So let's download Slirp from the Ubuntu repositories and try to run it:
sudo apt-get install slirp
/usr/bin/slirp
Slirp v1.0.17 (BETA)
Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.
IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)
Type five zeroes (0) to exit.
[autodetect SLIP/CSLIP, MTU 1500, MRU 1500, 115200 baud]
SLiRP Ready ...
fish: “/usr/bin/slirp” terminated by signal SIGSEGV (Address boundary error)Oh gods. Let's install Slirp's debugger and see if we can figure out what's going on here:
sudo apt-get install gdb slirp-dbgsym
gdb /usr/bin/slirp
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/slirp...Reading symbols from /usr/lib/debug/.build-id/c6/2e75b69581a1ad85f72ac32c0d7af913d4861f.debug...done.
done.
(gdb) run
Starting program: /usr/bin/slirp
Slirp v1.0.17 (BETA)
Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.
IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)
Type five zeroes (0) to exit.
[autodetect SLIP/CSLIP, MTU 1500, MRU 1500, 115200 baud]
SLiRP Ready ...
Program received signal SIGSEGV, Segmentation fault.
ip_slowtimo () at ip_input.c:457
457 ip_input.c: No such file or directory.The error beats in us . Let's look at the stacktrace, maybe something will help us there:
(gdb) bt full
#0 ip_slowtimo () at ip_input.c:457
fp = 0x55784a40
#1 0x000055555556a57c in main_loop () at ./main.c:980
so = <optimized out>
so_next = <optimized out>
timeout = {tv_sec = 0, tv_usec = 0}
ret = 0
nfds = 0
ttyp = <optimized out>
ttyp2 = <optimized out>
best_time = <optimized out>
tmp_time = <optimized out>
#2 0x000055555555b116 in main (argc=1, argv=0x7fffffffdc58) at ./main.c:95
No locals.Here we see that the crash happens during the main loop start when slirp tries to check for timeouts. At this point, I had to give up trying to debug. But let's see if Slirp built from sorts works. I re-downloaded the archive directly from the site , because dragging something from there through the command line is a pain:
cd ~/dl
wget https://xena.greedo.xeserv.us/files/slirp-1.0.16.tar.gz
tar xf slirp-1.0.16.tar.gz
cd slirp-1.0.16/src
./configure --prefix=$HOME/prefix/slirp
make
Here we see alerts about undefined built-in functions, that is, about the inability to link the resulting binary file. It appears that between 2006 and this point, gcc stopped producing symbols used in built-in functions of intermediate compiled files. Let's try to replace the keyword inline on an empty comment and look at the result:
vi slirp.h
:6
a
<enter>
#define inline /**/
<escape>
:wq
makeNope. This doesn't work either. Still can't find symbols for these functions.
At this point, I gave up and started looking on Github . My theory was that some Heroku build package would contain the binaries I needed. In the end, the search led me . I downloaded and unpacked uml.tar.gz and found the following:
total 6136
-rwxr-xr-x 1 cadey cadey 79744 Dec 10 2017 ifconfig*
-rwxr-xr-x 1 cadey cadey 373 Dec 13 2017 init*
-rwxr-xr-x 1 cadey cadey 149688 Dec 10 2017 insmod*
-rwxr-xr-x 1 cadey cadey 66600 Dec 10 2017 route*
-rwxr-xr-x 1 cadey cadey 181056 Jun 26 2015 slirp*
-rwxr-xr-x 1 cadey cadey 5786592 Dec 15 2017 uml*
-rwxr-xr-x 1 cadey cadey 211 Dec 13 2017 uml_run*This is the slirp binary! Does he work?
./slirp
Slirp v1.0.17 (BETA) FULL_BOLT
Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.
IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)
Type five zeroes (0) to exit.
[autodetect SLIP/CSLIP, MTU 1500, MRU 1500]
SLiRP Ready ...
Doesn't crash - so it should work! Let's plant this binary in ~/bin/slirp:
cp slirp ~/bin/slirpIn case the package creator removes it, I .
Network configuration
Now let's set up the network on our guest kernel. :
linux
root=/dev/root
rootfstype=hostfs
rootflags=$HOME/prefix/uml-demo
rw
mem=64M
eth0=slirp,,$HOME/bin/slirp
init=/bin/shNow let's turn on the network:
mount -t proc proc proc/
mount -t sysfs sys sys/
ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
route add default gw 10.0.2.2
The first two configuration commands /proc и /sys necessary for work ifconfig, which sets the network interface to communicate with Slirp. Team route sets the kernel routing table to force all traffic to be sent through the Slirp tunnel. Let's check this with a DNS query:
nslookup google.com 8.8.8.8
Server: 8.8.8.8
Address 1: 8.8.8.8 dns.google
Name: google.com
Address 1: 172.217.12.206 lga25s63-in-f14.1e100.net
Address 2: 2607:f8b0:4006:81b::200e lga25s63-in-x0e.1e100.netWorks!
Note per .: Apparently, the original post was written on a desktop with a wired network card, or some other configuration that did not require additional drivers. On a laptop with WiFi 8265 from Intel, an error occurs when raising the network
/ # ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
slirp_tramp failed - errno = 2
ifconfig: ioctl 0x8914 failed: No such file or directory
/ #Apparently, the kernel cannot communicate with the network card driver. An attempt to compile the firmware into the kernel, unfortunately, did not fix the situation. At the time of publication, it was not possible to find a solution in this configuration. On simpler configs (for example, in Virtualbox), the interface rises correctly.
Let's automate the redirect with the following shell script:
#!/bin/sh
# init.sh
mount -t proc proc proc/
mount -t sysfs sys sys/
ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
route add default gw 10.0.2.2
echo "networking set up"
exec /tini /bin/shAnd mark it executable:
chmod +x init.shAnd then we will make changes to the kernel command line:
linux
root=/dev/root
rootfstype=hostfs
rootflags=$HOME/prefix/uml-demo
rw
mem=64M
eth0=slirp,,$HOME/bin/slirp
init=/init.sh
And let's repeat:
SLiRP Ready ...
networking set up
/bin/sh: can't access tty; job control turned off
nslookup google.com 8.8.8.8
Server: 8.8.8.8
Address 1: 8.8.8.8 dns.google
Name: google.com
Address 1: 172.217.12.206 lga25s63-in-f14.1e100.net
Address 2: 2607:f8b0:4004:800::200e iad30s09-in-x0e.1e100.netThe network is stable!
docker file
To make it easier for you to check all this, I have collected , which automates most of the steps described and should give you a working configuration. I also have , which has everything that is described in the post. But it is important to understand that here I have outlined only the minimum setting.
I hope this post has helped you understand how to raise a guest kernel. It turned out to be some kind of monster, but the publication was conceived as a comprehensive guide on building, installing and configuring User Mode in Linux under modern versions of operating systems of this family. The next steps should include installing services and other software already inside the guest system. Since Docker container images are just publicized tarballs, you should be able to extract the image via docker export, and then determine its installation path in the root of the guest kernel's file system. Well, then execute the shell script.
Special thanks to Rkeene from #lobsters on Freenode. Without his help debugging Slirp, I wouldn't have gotten this far. I have no idea how his Slackware system works correctly with slirp, but my Ubuntu and Alpine systems didn't accept slirp and the binary Rkeene suggested to me. But it's enough for me that at least something works for me.
Source: habr.com