First page Back Continue Last page Summary Graphics



The security goal for UML is that root inside the virtual machine should not be able to break out of it.
The major problem is that kernel memory is mapped into the address space of each UML process, where it can be changed. The fix will be to unmap it or protect it whenever the process is in user space.
Also, other methods of changing kernel memory, like /proc/kmem will need to be disabled.