Re: GNU Mach: in user-mode?

[Ivan Shmakov]

>>>>> Samuel Thibault <samuel.thibault@gnu.org> writes:

 >>>> * The time and qualification necessary to deploy one or more
 >>>> GNU/Linux systems on a single host using User-Mode Linux is (to my
 >>>> experience) significantly lower than for the other solutions (KVM,
 >>>> Xen)

 >>> For Xen I agree.  For KVM, I don't.  Building a UML image is not
 >>> particularly easier than building a KVM image.

 >> I've implied using rootstrap to build an image.

 > And you can use debootstrap to build a debian image.  There is no
 > fundamental difference here.

        There is: debootstrap only runs privileged.

        Essentially, rootstrap is a wrapper that starts debootstrap(8)
        under UML, thus providing it with all the necessary privileges.
        Also, it does mke2fs(8), prepares interfaces(5) and does a few
        more minor tasks along the way.  And it's extensible, too.

 >>>> * Running User-Mode Linux doesn't imply any privileged user
 >>>> intervention (contrary to both KVM and Xen)

 >>> KVM doesn't either.

 >> Nevertheless, it depends on access to /dev/kvm, which is a
 >> privilege.

 > Oh, I thought it was given to any user.

        There's the `kvm' group in Debian GNU/Linux.

 > So they still fear security breaches...

        A completely bug-free version of Linux is yet to be released.

[...]

 >> However, what bothers me the most, is the use of hardware emulation,
 >> leading to:

 > That, however, is a valid point yes.  That's also one of the reason
 > why I prefer running Mach in Xen than in KVM.

        Thus, I could conclude that user-mode Mach is ought to bear both
        of the advantages:

        * runs unprivileged (like KVM);

        * doesn't emulate hardware (like Xen.)

        With the latter being said, I wonder, wouldn't the changes
        necessary to run GNU Mach in user-mode be similar to those
        already done to make it suitable for Xen?