Kumaha ngamimitian nganggo Modeu Pangguna dina Linux

Bubuka ti panarjamah: Kalayan rupa-rupa jinis wadah anu janten bagian ageung tina kahirupan urang, éta tiasa janten pikaresepeun sareng mangpaat pikeun diajar ngeunaan téknologi anu ngamimitian sadayana. Sababaraha di antarana masih tiasa dianggo sacara mangpaat ayeuna, tapi henteu sadayana émut kana éta (atanapi terang ngeunaan éta, upami éta henteu aya nalika kamekaranana gancang). Salah sahiji téknologi sapertos kitu nyaéta Modeu Pangguna. LinuxPangarang aslina ngalakukeun panalungtikan anu lumayan, milarian prakték lami mana anu masih tiasa dianggo sareng mana anu henteu, teras nyusun hiji hal sapertos pituduh léngkah-léngkah ngeunaan kumaha nyiptakeun UML buatan bumi anjeun nyalira dina taun 2k19. Sareng enya, kami parantos ngajak pangarang aslina ka Habr. Cadey, janten upami anjeun gaduh patarosan - tanyakeun dina basa Inggris dina koméntar.

Modeu Pangguna dina Linux - ieu téh, sabenerna, port kernel Linux dina dirina sorangan. Modeu ieu ngamungkinkeun anjeun pikeun ngajalankeun kernel anu lengkep Linux salaku prosés pangguna sareng biasana dianggo ku pamekar pikeun uji supir. Nanging, modeu ieu ogé kapaké salaku alat isolasi umum, prinsipna sami sareng kumaha mesin virtual jalan. Modeu ieu nyayogikeun isolasi anu langkung ageung tibatan Docker, tapi kirang tibatan mesin virtual anu lengkep sapertos KVM atanapi Virtual Box.

Sacara umum, Modeu Pangguna sigana mah anéh jeung hésé dipakéna, tapi éta téh boga kagunaanna. Sabenerna mah, éta téh alat nu lengkep. Linux- kernel anu dijalankeun salaku pangguna anu teu gaduh hak istimewa. Fitur ieu ngamungkinkeun kode anu poténsial teu dipercaya dijalankeun tanpa ancaman ka mesin host. Sareng kumargi éta kernel anu lengkep, prosésna diisolasi tina mesin host, hartosna prosés anu ngajalankeun di jero Modeu Pamaké moal katingali ku host. Ieu sanés sapertos wadah Docker biasa, dimana mesin host sok ningali prosés di jero gudang. Tingali sapotong pstree ieu tina salah sahiji server kuring:

containerd─┬─containerd-shim─┬─tini─┬─dnsd───19*[{dnsd}]
           │                 │      └─s6-svscan───s6-supervise
           │                 └─10*[{containerd-shim}]
           ├─containerd-shim─┬─tini─┬─aerial───21*[{aerial}]
           │                 │      └─s6-svscan───s6-supervise
           │                 └─10*[{containerd-shim}]
           ├─containerd-shim─┬─tini─┬─s6-svscan───s6-supervise
           │                 │      └─surl
           │                 └─9*[{containerd-shim}]
           ├─containerd-shim─┬─tini─┬─h───13*[{h}]
           │                 │      └─s6-svscan───s6-supervise
           │                 └─10*[{containerd-shim}]
           ├─containerd-shim─┬─goproxy───14*[{goproxy}]
           │                 └─9*[{containerd-shim}]
           └─32*[{containerd}]

Sareng bandingkeun ieu sareng pstree kernel Linux dina Modeu Pangguna:

linux─┬─5*[linux]
      └─slirp

Nalika damel sareng wadah Docker, kuring tiasa ningali nami prosés anu dijalankeun dina sistem tamu ti host. Linux Modeu Pangguna teu mungkin. Naon hartosna ieu? Hartina alat pangawasan anu tiasa dianggo ngalangkungan subsistem audit Linux (Linuxsubsistem audit) tong ningali prosés ngajalankeun dina sistem tamu. Tapi dina sababaraha kaayaan, fitur ieu tiasa janten pedang dua sisi.

Sacara umum, sakabéh tulisan di handap mangrupa kumpulan panalungtikan sarta usaha kasar pikeun ngahontal hasil nu dipikahoyong. Pikeun ngalakukeun ieu, kuring kedah nganggo sababaraha alat kuno, maca sumber kernel, ngalakukeun debugging intensif kode anu ditulis dina dinten-dinten nalika kuring masih di sakola dasar, sareng ogé ngintip sareng Heroku ngawangun nganggo binér khusus pikeun milarian alat anu kuring peryogikeun. . Sadaya karya ieu nyababkeun jalma-jalma di IRC kuring nyauran kuring sihir. Abdi ngarepkeun tulisan ieu janten dokuméntasi anu tiasa dipercaya pikeun jalma anu nyobian hal anu sami sareng kernels sareng versi OS anu langkung énggal.

carana ngatur

carana ngatur Linux Modeu Pangguna dilaksanakeun dina sababaraha tahapan:

• masang dependensi dina host;
• ngaunduh kernel Linux;
• konfigurasi ngawangun kernel;
• assembly kernel;
• pamasangan binér;
• ngonpigurasikeun sistem file tamu;
• pilihan parameter peluncuran kernel;
• nyetel jaringan tamu;
• ngamimitian kernel tamu.

Kuring nganggap upami anjeun mutuskeun pikeun ngalakukeun sadayana ieu nyalira, anjeun sigana bakal ngalakukeun sadayana anu dijelaskeun dina sababaraha Ubuntu atawa Debiansistem anu siga kitu. Abdi parantos nyobian nerapkeun sadayana anu dijelaskeun di luhur dina distribusi karesep abdi, Alpine, tapi teu aya anu tiasa dianggo, sigana kusabab kernelna Linux ngagaduhan tautan anu caket kana glibc-isms pikeun supir modeu pangguna. Abdi ngarencanakeun pikeun ngalaporkeun ieu ka upstream saatos abdi ngartos masalahna sacara lengkep.

Masang katergantungan dina host

Ubuntu sahenteuna peryogi paket-paket ieu pikeun ngawangun kernel Linux (anggapan pamasanganna bersih):

- 'build-essential'
- 'flex'
- 'bison'
- 'xz-utils'
- 'wget'
- 'ca-certificates'
- 'bc'
- 'linux-headers'

Anjeun tiasa masang aranjeunna nganggo paréntah di handap ieu (salaku root atanapi sudo):

apt-get -y install build-essential flex bison xz-utils wget ca-certificates bc 
                   linux-headers-$(uname -r)

Punten perhatoskeun yén ngajalankeun program setelan menu kernel Linux bakal meryogikeun pamasangan libncurses-dev. Punten pastikeun dipasang sareng paréntah di handap ieu (salaku root atanapi sudo):

apt-get -y install libncurses-dev

Ngundeur kernel

Mutuskeun dimana ngundeur lajeng ngawangun kernel. Pikeun operasi ieu, anjeun bakal kudu allocate ngeunaan 1,3 GB rohangan hard disk, jadi pastikeun Anjeun gaduh eta.

Sanggeus indit ka kernel.org tur meunangkeun URL pikeun ngundeur kernel stabil panganyarna. Dina waktos nyerat ieu: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.xz

Unduh file ieu nganggo 'wget':

wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.xz

Jeung nimba eta kalawan 'tar':

tar xJf linux-5.1.16.tar.xz

Ayeuna urang asupkeun diréktori anu diciptakeun nalika ngabongkar tarball:

cd linux-5.1.16

Pangaturan ngawangun kernel

Sistem ngawangun kernel mangrupikeun set Makefiles с loba parabot custom sarta Aksara pikeun ngajadikeun otomatis prosés. Kahiji, buka program setelan interaktif:

make ARCH=um menuconfig

Sawaréh bakal ngawangun sareng nampilkeun kotak dialog pikeun anjeun. Iraha '[Select]', Anjeun bakal tiasa ngonpigurasikeun nganggo konci Spasi atanapi Lebetkeun. Napigasi jandela, sakumaha biasa, jeung panah keyboard "up" jeung "handap", tur pilih elemen - "kénca" atawa "katuhu".

Panunjuk arah -> hartina anjeun dina submenu, diaksés ku mencét kenop Enter. Jalan kaluarna jelas ngaliwatan '[Exit]'.

Lebetkeun pilihan di handap ieu dina '[Select]' sareng pastikeun aranjeunna gaduh '[*]' gigireun aranjeunna:

UML-specific Options:
  - Host filesystem
Networking support (enable this to get the submenu to show up):
  - Networking options:
    - TCP/IP Networking
UML Network devices:
  - Virtual network device
  - SLiRP transport

Éta waé, anjeun tiasa kaluar tina jandela ieu ku cara milih '[Exit]'. Ngan pastikeun anjeun dipenta pikeun nyimpen konfigurasi di ahir tur pilih '[Yes]'.

Abdi nyarankeun yén anjeun maénkeun kalayan pilihan ngawangun kernel saatos maca tulisan ieu. Ngaliwatan ékspérimén ieu, anjeun tiasa diajar pisan dina hal ngartos karya mékanika kernel tingkat rendah sareng dampak rupa-rupa umbul dina rakitanna.

Ngawangun kernel

Inti Linux Ieu program ageung anu tiasa ngalakukeun seueur hal. Sanaos nganggo konfigurasi minimal ieu, ngawangunna dina perangkat keras anu langkung lami tiasa nyandak waktos anu lami. Ku kituna, ngawangun kernel nganggo paréntah ieu:

make ARCH=um -j$(nproc)

Kanggo naon? Paréntah ieu bakal nyarioskeun ka pembina urang ngagunakeun sadaya inti CPU sareng benang anu aya dina prosés ngawangun. Tim $(nproc) dina ahir Ngawangun substitutes kaluaran paréntah nproc, anu mangrupa bagian tina coreutils dina rakitan standar Ubuntu.

Sanggeus sababaraha waktu, kernel urang bakal disusun jadi file laksana ./linux.

Masang binér

Kusabab Modeu Pangguna aya dina Linux Éta nyiptakeun binér biasa, janten anjeun tiasa masangna sapertos utilitas anu sanés. Kieu carana kuring ngalakukeunana:

mkdir -p ~/bin
cp linux ~/bin/linux

Éta ogé patut mastikeun yén ~/bin aya dina anjeun $PATH:

export PATH=$PATH:$HOME/bin

Nyetél sistem file tamu

Jieun diréktori pikeun sistem file tamu:

mkdir -p $HOME/prefix/uml-demo
cd $HOME/prefix

Buka alpinelinux.org sareng asup bagian download manggihan link download sabenerna MINI ROOT FILESYSTEM. Dina waktos nyerat ieu:

http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gz

Unduh tarball ieu nganggo wget:

wget -O alpine-rootfs.tgz http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gz

Ayeuna lebetkeun diréktori sistem file tamu sareng nimba arsipna:

cd uml-demo
tar xf ../alpine-rootfs.tgz

Tindakan anu dijelaskeun bakal nyiptakeun template sistem file leutik. Kusabab sifat sistemna, bakal sesah pisan pikeun masang bungkusan ngalangkungan manajer apk Alpine. Tapi FS ieu bakal cukup pikeun meunteun ide umum.

Urang ogé peryogi alat tini pikeun curb konsumsi memori prosés zombie kernel tamu urang.

wget -O tini https://github.com/krallin/tini/releases/download/v0.18.0/tini-static
chmod +x tini

Nyiptakeun garis paréntah kernel

Dina inti Linux, sapertos kalolobaan program anu sanés, aya argumen baris paréntah anu tiasa diaksés ku cara nangtukeun konci --help.

Dirina - pitulung

linux --help
User Mode Linux v5.1.16
        available at http://user-mode-linux.sourceforge.net/

--showconfig
    Prints the config file that this UML binary was generated from.

iomem=<name>,<file>
    Configure <file> as an IO memory region named <name>.

mem=<Amount of desired ram>
    This controls how much "physical" memory the kernel allocates
    for the system. The size is specified as a number followed by
    one of 'k', 'K', 'm', 'M', which have the obvious meanings.
    This is not related to the amount of memory in the host.  It can
    be more, and the excess, if it's ever used, will just be swapped out.
        Example: mem=64M

--help
    Prints this message.

debug
    this flag is not needed to run gdb on UML in skas mode

root=<file containing the root fs>
    This is actually used by the generic kernel in exactly the same
    way as in any other kernel. If you configure a number of block
    devices and want to boot off something other than ubd0, you
    would use something like:
        root=/dev/ubd5

--version
    Prints the version number of the kernel.

umid=<name>
    This is used to assign a unique identity to this UML machine and
    is used for naming the pid file and management console socket.

con[0-9]*=<channel description>
    Attach a console or serial line to a host channel.  See
    http://user-mode-linux.sourceforge.net/old/input.html for a complete
    description of this switch.

eth[0-9]+=<transport>,<options>
    Configure a network device.
    
aio=2.4
    This is used to force UML to use 2.4-style AIO even when 2.6 AIO is
    available.  2.4 AIO is a single thread that handles one request at a
    time, synchronously.  2.6 AIO is a thread which uses the 2.6 AIO
    interface to handle an arbitrary number of pending requests.  2.6 AIO
    is not available in tt mode, on 2.4 hosts, or when UML is built with
    /usr/include/linux/aio_abi.h not available.  Many distributions don't
    include aio_abi.h, so you will need to copy it from a kernel tree to
    your /usr/include/linux in order to build an AIO-capable UML

nosysemu
    Turns off syscall emulation patch for ptrace (SYSEMU).
    SYSEMU is a performance-patch introduced by Laurent Vivier. It changes
    behaviour of ptrace() and helps reduce host context switch rates.
    To make it work, you need a kernel patch for your host, too.
    See http://perso.wanadoo.fr/laurent.vivier/UML/ for further
    information.

uml_dir=<directory>
    The location to place the pid and umid files.

quiet
    Turns off information messages during boot.

hostfs=<root dir>,<flags>,...
    This is used to set hostfs parameters.  The root directory argument
    is used to confine all hostfs mounts to within the specified directory
    tree on the host.  If this isn't specified, then a user inside UML can
    mount anything on the host that's accessible to the user that's running
    it.
    The only flag currently supported is 'append', which specifies that all
    files opened by hostfs will be opened in append mode.

Panel ieu nyorot parameter utama peluncuran. Hayu urang ngajalankeun kernel sareng set pilihan minimum anu diperyogikeun:

linux 
  root=/dev/root 
  rootfstype=hostfs 
  rootflags=$HOME/prefix/uml-demo 
  rw 
  mem=64M 
  init=/bin/sh

Garis di luhur nyarioskeun kernel urang di handap ieu:

• Anggap sistem file akar mangrupikeun alat pseudo /dev/root.
• Milih hostfs salaku supir filesystem root.
• Pasang sistem file tamu anu kami ciptakeun dina alat akar.
• Sareng enya, dina mode baca-tulis.
• Paké ngan 64 MB RAM (Anjeun tiasa make loba kurang gumantung kana naon rencana pikeun ngalakukeun, tapi 64 MB sigana jumlah optimal).
• Kernel otomatis dimimitian /bin/sh kumaha init- prosés.

Jalankeun paréntah ieu sareng anjeun kedah nampi sapertos kieu:

Hiji lambar deui

Core dump limits :
        soft - 0
        hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking environment variables for a tempdir...none found
Checking if /dev/shm is on tmpfs...OK
Checking PROT_EXEC mmap in /dev/shm...OK
Adding 32137216 bytes to physical memory to account for exec-shield gap
Linux version 5.1.16 (cadey@kahless) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #30 Sun Jul 7 18:57:19 UTC 2019
Built 1 zonelists, mobility grouping on.  Total pages: 23898
Kernel command line: root=/dev/root rootflags=/home/cadey/dl/uml/alpine rootfstype=hostfs rw mem=64M init=/bin/sh
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode-cache hash table entries: 8192 (order: 4, 65536 bytes)
Memory: 59584K/96920K available (2692K kernel code, 708K rwdata, 588K rodata, 104K init, 244K bss, 37336K reserved, 0K cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS: 15
clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns
Calibrating delay loop... 7479.29 BogoMIPS (lpj=37396480)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Mountpoint-cache hash table entries: 512 (order: 0, 4096 bytes)
Checking that host ptys support output SIGIO...Yes
Checking that host ptys support SIGIO on close...No, enabling workaround
devtmpfs: initialized
random: get_random_bytes called from setup_net+0x48/0x1e0 with crng_init=0
Using 2.6 host AIO
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: 0, 6144 bytes)
NET: Registered protocol family 16
clocksource: Switched to clocksource timer
NET: Registered protocol family 2
tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes)
TCP established hash table entries: 1024 (order: 1, 8192 bytes)
TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
UDP hash table entries: 256 (order: 1, 8192 bytes)
UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
NET: Registered protocol family 1
console [stderr0] disabled
mconsole (version 2) initialized on /home/cadey/.uml/tEwIjm/mconsole
Checking host MADV_REMOVE support...OK
workingset: timestamp_bits=62 max_order=14 bucket_order=0
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered (default)
io scheduler bfq registered
loop: module loaded
NET: Registered protocol family 17
Initialized stdio console driver
Using a channel type which is configured out of UML
setup_one_line failed for device 1 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 2 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 3 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 4 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 5 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 6 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 7 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 8 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 9 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 10 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 11 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 12 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 13 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 14 : Configuration failed
Using a channel type which is configured out of UML
setup_one_line failed for device 15 : Configuration failed
Console initialized on /dev/tty0
console [tty0] enabled
console [mc-1] enabled
Failed to initialize ubd device 0 :Couldn't determine size of device's file
VFS: Mounted root (hostfs filesystem) on device 0:11.
devtmpfs: mounted
This architecture does not have kernel memory protection.
Run /bin/sh as init process
/bin/sh: can't access tty; job control turned off
random: fast init done
/ # 

Manipulasi di luhur bakal masihan urang Sistim tamu di minimum, tanpa hal kawas /proc atanapi hostname ditugaskeun. Contona, cobian paréntah di handap ieu:

- uname -av
- cat /proc/self/pid
- hostname

Pikeun kaluar tina tamu, ketik exit atawa pencét kontrol-d. Ieu bakal maéhan cangkang dituturkeun ku panik kernel:

/ # exit
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000000
fish: “./linux root=/dev/root rootflag…” terminated by signal SIGABRT (Abort)

Urang ngalaman panik kernel ieu kusabab kernel Linux nganggap yén prosés inisialisasi salawasna jalan. Tanpa éta, sistem moal tiasa fungsina deui sareng réngsé. Tapi kumargi ieu mangrupikeun prosés modeu pangguna, kaluaran anu dihasilkeun ngirimkeun dirina ka SIGABRT, anu ngahasilkeun kaluaran.

Setélan jaringan tamu

Tapi di dieu pisan mimiti aya anu lepat. Jaringan dina Modeu Pangguna Linux — di dieu pisan sakabéh konsép "modeu pangguna" anu kawates mimiti runtuh. Sabab, dina tingkat sistem, jaringan biasana kawates. boga hak husus modeu palaksanaan pikeun sakabéh alesan kaharti.

Catetan. per .: Anjeun bisa maca leuwih lengkep tentang pilihan béda pikeun gawé bareng jaringan di UML di dieu.

Lalampahan ka Slirp

Sanajan kitu, aya hiji alat kuno jeung ampir unsupported disebut Slirén, kalayan bantosan Modeu Pangguna anu mana Linux tiasa berinteraksi sareng jaringan. Cara kerjana rada siga tumpukan TCP/IP dina tingkat pangguna sareng henteu meryogikeun idin sistem naon waé pikeun dijalankeun. Alat ieu dirilis dina 1995, jeung apdet panganyarna geus tanggal 2006. Slirp geus kolot pisan. Salami tanpa dukungan sareng apdet, kompiler parantos dugi ka ayeuna alat ieu ngan ukur tiasa didadarkeun salaku kode rot.

Hayu urang unduh Slirp ti gudangna. Ubuntu sareng hayu urang cobian ngajalankeunana:

sudo apt-get install slirp
/usr/bin/slirp
Slirp v1.0.17 (BETA)

Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.

IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)

Type five zeroes (0) to exit.

[autodetect SLIP/CSLIP, MTU 1500, MRU 1500, 115200 baud]

SLiRP Ready ...
fish: “/usr/bin/slirp” terminated by signal SIGSEGV (Address boundary error)

Duh gusti. Hayu urang pasang debugger Slirp sareng tingali upami urang tiasa terang naon anu aya di dieu:

sudo apt-get install gdb slirp-dbgsym
gdb /usr/bin/slirp
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/slirp...Reading symbols from /usr/lib/debug/.build-id/c6/2e75b69581a1ad85f72ac32c0d7af913d4861f.debug...done.
done.
(gdb) run
Starting program: /usr/bin/slirp
Slirp v1.0.17 (BETA)

Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.

IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)

Type five zeroes (0) to exit.

[autodetect SLIP/CSLIP, MTU 1500, MRU 1500, 115200 baud]

SLiRP Ready ...

Program received signal SIGSEGV, Segmentation fault.
                                                    ip_slowtimo () at ip_input.c:457
457     ip_input.c: No such file or directory.

Kasalahan ngéléhkeun di urang garis ieu. Hayu urang tingali stacktrace, meureun aya anu ngabantosan urang di dinya:

(gdb) bt full
#0  ip_slowtimo () at ip_input.c:457
        fp = 0x55784a40
#1  0x000055555556a57c in main_loop () at ./main.c:980
        so = <optimized out>
        so_next = <optimized out>
        timeout = {tv_sec = 0, tv_usec = 0}
        ret = 0
        nfds = 0
        ttyp = <optimized out>
        ttyp2 = <optimized out>
        best_time = <optimized out>
        tmp_time = <optimized out>
#2  0x000055555555b116 in main (argc=1, argv=0x7fffffffdc58) at ./main.c:95
No locals.

Di dieu urang nempo yén kacilakaan lumangsung salila loop utama dimimitian nalika slirp nyoba mariksa timeouts. Dina titik ieu, kuring kedah nyerah nyobian debug. Tapi hayu urang tingali lamun Slirp diwangun ti sorts karya. Kuring ulang diundeur arsip langsung ti loka sourceforge, sabab nyered hiji hal ti dinya ngaliwatan garis paréntah mangrupa nyeri:

cd ~/dl
wget https://xena.greedo.xeserv.us/files/slirp-1.0.16.tar.gz
tar xf slirp-1.0.16.tar.gz
cd slirp-1.0.16/src
./configure --prefix=$HOME/prefix/slirp
make

Di dieu urang ningali panggeuing ngeunaan undefined built-in fungsi, nyaeta, ngeunaan henteu mampuh ngahubungkeun file binér hasilna. Nembongan yen antara 2006 jeung titik ieu, gcc dieureunkeun ngahasilkeun simbol dipaké dina fungsi diwangun-di file disusun panengah. Hayu urang coba ngaganti kecap konci inline dina koméntar kosong sareng tingali hasilna:

vi slirp.h
:6
a
<enter>
#define inline /**/
<escape>
:wq
make

Heueuh. Ieu oge teu jalan. Masih teu bisa manggihan simbol pikeun fungsi ieu.

Dina titik ieu, kuring nyerah sareng mimiti milarian Github Heroku ngawangun bungkusan. Téori kuring nyaéta yén sababaraha pakét ngawangun Heroku bakal ngandung binari anu kuring diperyogikeun. Tungtungna, pilarian ngarah kuring ka dieu. Kuring ngundeur tur unpacked uml.tar.gz sareng mendakan ieu:

total 6136
-rwxr-xr-x 1 cadey cadey   79744 Dec 10  2017 ifconfig*
-rwxr-xr-x 1 cadey cadey     373 Dec 13  2017 init*
-rwxr-xr-x 1 cadey cadey  149688 Dec 10  2017 insmod*
-rwxr-xr-x 1 cadey cadey   66600 Dec 10  2017 route*
-rwxr-xr-x 1 cadey cadey  181056 Jun 26  2015 slirp*
-rwxr-xr-x 1 cadey cadey 5786592 Dec 15  2017 uml*
-rwxr-xr-x 1 cadey cadey     211 Dec 13  2017 uml_run*

Ieu binér slirp! Naha anjeunna damel?

./slirp
Slirp v1.0.17 (BETA) FULL_BOLT

Copyright (c) 1995,1996 Danny Gasparovski and others.
All rights reserved.
This program is copyrighted, free software.
Please read the file COPYRIGHT that came with the Slirp
package for the terms and conditions of the copyright.

IP address of Slirp host: 127.0.0.1
IP address of your DNS(s): 1.1.1.1, 10.77.0.7
Your address is 10.0.2.15
(or anything else you want)

Type five zeroes (0) to exit.

[autodetect SLIP/CSLIP, MTU 1500, MRU 1500]

SLiRP Ready ...

Henteu ngadat - janten kedah dianggo! Hayu urang melak binér ieu ~/bin/slirp:

cp slirp ~/bin/slirp

Upami panyipta pakét ngaleungitkeun éta, I dijieun eunteung.

Konfigurasi jaringan

Ayeuna hayu urang nyetél jaringan dina kernel tamu urang. Apdet pilihan peluncuran:

linux 
  root=/dev/root 
  rootfstype=hostfs 
  rootflags=$HOME/prefix/uml-demo 
  rw 
  mem=64M 
  eth0=slirp,,$HOME/bin/slirp 
  init=/bin/sh

Ayeuna hayu urang hurungkeun jaringan:

mount -t proc proc proc/
mount -t sysfs sys sys/

ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
route add default gw 10.0.2.2

Dua paréntah konfigurasi munggaran /proc и /sys diperlukeun pikeun digawé ifconfig, nu susunan panganteur jaringan pikeun komunikasi sareng Slirp. Tim route Nyetél tabel routing kernel pikeun maksakeun sagala lalulintas dikirim ngaliwatan torowongan Slirp. Hayu urang parios ieu ku pamundut DNS:

nslookup google.com 8.8.8.8
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      google.com
Address 1: 172.217.12.206 lga25s63-in-f14.1e100.net
Address 2: 2607:f8b0:4006:81b::200e lga25s63-in-x0e.1e100.net

Gawéna!

Catetan per .: Tétéla, pos aslina ieu ditulis dina desktop kalayan kartu jaringan kabel, atawa sababaraha konfigurasi séjén nu teu merlukeun drivers tambahan. Dina laptop sareng WiFi 8265 ti Intel, aya kasalahan nalika ngangkat jaringan

/ # ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
slirp_tramp failed - errno = 2
ifconfig: ioctl 0x8914 failed: No such file or directory
/ #

Tétéla, kernel teu tiasa komunikasi sareng supir kartu jaringan. Hiji usaha pikeun compile firmware kana kernel, hanjakalna, teu ngalereskeun kaayaan. Dina waktos ieu publikasi, teu mungkin pikeun manggihan solusi dina konfigurasi ieu. Dina configs basajan (contona, dina Virtualbox), panganteur naek leres.

Hayu urang ngajadikeun otomatis alihan kalayan skrip cangkang ieu:

#!/bin/sh
# init.sh

mount -t proc proc proc/
mount -t sysfs sys sys/
ifconfig eth0 10.0.2.14 netmask 255.255.255.240 broadcast 10.0.2.15
route add default gw 10.0.2.2

echo "networking set up"

exec /tini /bin/sh

Sareng cirian éta tiasa dieksekusi:

chmod +x init.sh

Teras urang bakal ngarobih kana garis paréntah kernel:

linux 
  root=/dev/root 
  rootfstype=hostfs 
  rootflags=$HOME/prefix/uml-demo 
  rw 
  mem=64M 
  eth0=slirp,,$HOME/bin/slirp 
  init=/init.sh

Jeung hayu urang ngulang:

SLiRP Ready ...
networking set up
/bin/sh: can't access tty; job control turned off

nslookup google.com 8.8.8.8
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      google.com
Address 1: 172.217.12.206 lga25s63-in-f14.1e100.net
Address 2: 2607:f8b0:4004:800::200e iad30s09-in-x0e.1e100.net

Jaringanna stabil!

file docker

Sangkan leuwih gampang pikeun anjeun pariksa sagala ieu, Kuring geus dikumpulkeun dockerfile, anu ngajadikeun otomatis sabagéan ageung léngkah anu dijelaskeun sareng kedah masihan anjeun konfigurasi anu tiasa dianggo. Kuring ogé boga kernel preconfigured, anu ngagaduhan sadayana anu dijelaskeun dina tulisan. Tapi hal anu penting pikeun ngarti yén di dieu Kuring geus outlined ukur setelan minimum.

Mugi-mugi tulisan ieu ngabantosan anjeun ngartos kumaha carana ngajalankeun kernel tamu. Rada hésé, tapi tujuanana nyaéta pikeun nyayogikeun pituduh anu lengkep ngeunaan ngawangun, masang, sareng ngonpigurasikeun Modeu Pangguna. Linux dina vérsi modéren sistem operasi kulawarga ieu. Léngkah-léngkah salajengna kedah kalebet masang layanan sareng parangkat lunak sanés dina sistem tamu. Kusabab gambar wadah Docker ngan saukur tarball anu di-hype-up, anjeun kedah tiasa ngekstrak gambar ngalangkungan docker export, teras tangtukeun jalur pamasanganna dina akar sistem file kernel tamu. Nya, teras laksanakeun skrip cangkang.

Hatur nuhun khusus ka Rkeene ti #lobsters di Freenode. Tanpa bantosan anjeunna pikeun nga-debug Slirp, kuring moal dugi ka dieu. Kuring teu terang kumaha sistem Slackware-na jalan kalawan bener sareng slirp, tapi sistem kuring mah jalan. Ubuntu jeung Alpine teu narima slirp jeung binér Rkeene nawarkeun ka kuring. Tapi cukup keur kuring sahenteuna aya nu bisa jalan.

sumber: www.habr.com