Re: Running Untrusted Code in a Restricted Process

From: Jeff Dike (jdike@karaya.com)
Date: Fri Jun 09 2000 - 19:52:31 EST


jhammons@bigteam.org said:
> Do you have any statistics on resource usage? I would guess having
> the entire kernel in a user process would take up several megabytes.

No good ones at this point. The user-space kernel is larger than a native
one, but I haven't added much code to it, so I imagine that I've done some
stupid code-bloating things. After I look for them and fix them, I imagine
that it will be comparable to a native kernel. So, I would look at the size
of a native kernel, and I think that will be in the ballpark of what you can
expect to see.

Also, if you care enough about something to stick it in a virtual machine, a
couple of megs is probably not a big deal. If it is, and you have a bunch of
things that need to live in virtual machines, you can make them all live in
the same one, where they can all infect each other with viruses and send love
notes to each other :-)

> Imagine 10 different running untrusted code on a virtual machine.
> Would that work on a machine with 128Mb? I suppose all of the code
> segment can be shared among those processes, but how big is the user
> mode kernel data segment?

Like I just said, you can stick them all in the same virtual machine if you
want.

I typically run virtual machines configured with 16 meg of "physical" memory,
and in that I can fit a decent machine with a lot of the services you'd
expect on a Linux box, and I do kernel builds and run X (server and clients)
with no trouble.

So, you could make a single-purpose sandbox virtual machine run in a lot less
than 16 meg.

Having said that, this is somewhat more resource-intensive than other
sandboxes, but it's also more secure.

                                Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:20 EST