Provided by: vuos-umvu_0.9.2-1_amd64

NAME

       umvu – user-mode implementation of VUOS

SYNOPSIS

       umvu [options ...]  command [args]

DESCRIPTION

       VUOS: view based operating system.  VUOS gives processes their own view of the system resources.  VUOS is
       a  different  perspective  on  namespaces, anykernels and related concepts.  The main idea behind VUOS is
       that it is possible to give processes their own view using partial virtual machines.

       A partial virtual machine intercepts the system call requests and operates like a filter: a system call
       can be forwarded to the kernel of the hosting system or processed by the partial virtual machine hypervisor.

       In this way processes can see a mix of resources provided by the kernel (on which they have the same view
       as the other processes) and virtual resources.  It is possible to mount filesystems, load networking
       stacks, change the structure of the file system tree, create virtual devices, etc.

       umvu is a user mode implementation of VUOS concepts.  It is a modular partial virtual machine.  Before
       loading any module, umvu is completely transparent: a process behaves inside umvu as it would have
       behaved outside.  vu_insmod(1) is the tool to load modules, e.g. vufuse for file system virtualization,
       vunet for networking, vudev for virtual devices, etc.  These are just some examples of modules provided
       by the VirtualSquare team: modules are dynamic library based plugins, so they can be designed and
       implemented independently and loaded/unloaded at run time.

       umvu (the VUOS hypervisor) is just a user process so, while it gives a new perspective to processes, it
       does not widen the attack surface of the kernel.

OPTIONS

       -h, --help
              Print a short help message and exit.

       -x, --nonesting
              umvu provides nested virtualization.  It means that the system call requests of the modules can
              refer to virtual resources (for example it is possible to mount a file system stored on a virtual
              device).  The -x or --nonesting option disables this feature.

       -S, --noseccomp
              umvu uses a seccomp filter to speed-up the virtualization.  The -S or --noseccomp option  disables
              this feature.

       -f file, --rc file
              Execute commands from file instead of the system wide initialization file /etc/vurc and the
              standard personal initialization file ~/.vurc.

       -N, --norc
              Do not run the system wide initialization file /etc/vurc and the standard personal initialization
              file ~/.vurc.

       -V name, --vu_name name
              Set the name of the view.  This name can be read and set using vuname(1).

       -d debugtags, --debugtags debugtags
              Set the debug tags enabled from the beginning, e.g. -d s enables log messages of system call
              requests (see vudebug(1) for a detailed description).

       -D colorspec, --debugcols colorspec
              Set color and font effects for log messages, e.g. -D p:r -D c:g# means that path resolution
              messages will be displayed in red while module choice log messages will be in reverse green.  Color
              definitions can refer to enabled and disabled categories (the option defines the colors for a
              successive activation).  See vudebug(1) for a detailed description.

       -l level, --loglevel level
              Set the debug level.  Only messages having a level less than or equal to the parameter of this
              option will be displayed (0 = emergency, 1 = alert, 2 = critical, 3 = error, 4 = warning, 5 =
              notice, 6 = info, 7 = debug).  The default level is 4.

       -s level, --syslog level
              Use syslog(2) for logging and log messages having a level less than or equal to the parameter of
              this option (0 = emergency, 1 = alert, 2 = critical, 3 = error, 4 = warning, 5 = notice, 6 = info,
              7 = debug).  This option is disabled by default.

EXAMPLES

   mount a file system image
       The following example mounts /tmp/linux.img on /mnt.

       start the hypervisor, and run a bash inside the partial virtual machine

              $ umvu bash

       This is the prompt of the partial virtualized shell, let us change it to $$ to show the difference

               $ PS1='\$\$ '

       let us load vufuse: a user-mode implementation of FUSE (source compatible with FUSE modules)

              $$ vu_insmod vufuse

       nothing is currently mounted on /mnt

              $$ ls /mnt

       the following command mounts the filesystem image /tmp/linux.img

              $$ vumount -t vufuseext2 -o ro /tmp/linux.img /mnt

       now the image has been mounted:

              $$ ls /mnt
              bin  boot  dev  etc  lib  lost+found  mnt  proc  sbin  tmp  usr
              $$ vuumount /mnt
              $$ ls /mnt
              $$ exit

       We have left the partial virtual machine.

       Comments: users can mount any filesystem they like on any directory.  The linux kernel is not involved
       in any of the system calls related to files in the mounted filesystem.  The effects of this mount are
       perceived only by the processes running in the partial virtual machine.  vumount is just a wrapper to
       the mount(1) system call (the command mount(8) does much much more: it is setuid root and requires the
       real uid to be root to permit filesystem mounting; mount(8) works in umvu adding a module of uid/gid
       virtualization).
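       The interactive session above can also be driven non-interactively: the whole load, mount, run, unmount
       sequence is handed to umvu as one bash -c command.  This is an added example, not part of the VUOS man
       page or project; it assumes umvu, vu_insmod, vumount and vuumount are on PATH and that the image is an
       ext2/3/4 filesystem as in the session above (paths must not contain single quotes).

```sh
#!/bin/sh
# Added example (not from the VUOS man page): run a single command inside
# umvu with a filesystem image mounted read-only via vufuse/vufuseext2,
# the way the interactive session above does by hand.

# Build the command that bash will run *inside* the partial virtual
# machine.  Kept in a function so the string can be inspected (and
# tested) on a host where umvu is not installed.
vuos_inner_cmd() {
    img=$1
    mnt=$2
    cmd="vu_insmod vufuse"
    cmd="$cmd && vumount -t vufuseext2 -o ro '$img' '$mnt'"
    # "$@" of the inner bash is the user's command: remember its exit
    # status, unmount, then propagate that status to the caller.
    cmd="$cmd && \"\$@\"; status=\$?; vuumount '$mnt'; exit \$status"
    printf '%s' "$cmd"
}

# Start the hypervisor (-N skips /etc/vurc and ~/.vurc, so the view
# contains exactly what this script sets up) and run CMD with IMG
# mounted on MNT.  Arguments after "inner" become "$@" of the inner bash.
vuos_run_with_image() {
    img=$1
    mnt=$2
    shift 2
    umvu -N bash -c "$(vuos_inner_cmd "$img" "$mnt")" inner "$@"
}

# Demonstration: list the mount point inside the partial virtual
# machine, then outside it.  The outer listing is unchanged because the
# mount exists only in the view of the processes running under umvu.
if [ "${1:-}" = "--demo" ]; then
    vuos_run_with_image "${2:-/tmp/linux.img}" /mnt ls /mnt
    echo "--- outside umvu:"
    ls /mnt
fi
```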

   create a disk image, partition it, create a filesystem and mount it
       In this example a 1GiB empty file is seen as a virtual disk; this disk gets partitioned (GPT), an ext4
       file system is created on its first partition and finally this file system is mounted on /mnt.

       start the hypervisor, and run a bash inside the partial virtual machine

              $ umvu bash

       This is the prompt of the partial virtualized shell, let us change it to $$ to show the difference

              $ PS1='\$\$ '

       let us load vudev and vufuse: vudev to virtualize devices and vufuse as in the previous example

              $$ vu_insmod vudev vufuse

       create a 1 GiB large empty file

              $$ truncate -s 1G /tmp/disk
              $$ ls -l /tmp/disk
              -rw-r--r-- 1 renzo renzo 1073741824 Jun  3 11:55 /tmp/disk

       let us mount the empty file as a partitioned virtual disk:

              $$ vumount -t vudevpartx /tmp/disk /dev/hda
              Bad MBR signature 0 0

       Clearly it is not a partitioned disk, yet.  Let us add a partitioning scheme:

              $$  /sbin/gdisk /dev/hda
              GPT fdisk (gdisk) version 1.0.3

              Partition table scan:
              MBR: not present
              BSD: not present
              APM: not present
              GPT: not present

              Creating new GPT entries.

              Command (? for help):  n
              Partition number (1-128, default 1):
              First sector (34-2097118, default = 2048) or {+-}size{KMGTP}:
              Last sector (2048-2097118, default = 2097118) or {+-}size{KMGTP}: +200M
              Current type is 'Linux filesystem'
              Hex code or GUID (L to show codes, Enter = 8300):
              Changed type of partition to 'Linux filesystem'

              Command (? for help): n
              Partition number (2-128, default 2):
              First sector (34-2097118, default = 411648) or {+-}size{KMGTP}:
              Last sector (411648-2097118, default = 2097118) or {+-}size{KMGTP}:
              Current type is 'Linux filesystem'
              Hex code or GUID (L to show codes, Enter = 8300):
              Changed type of partition to 'Linux filesystem'

              Command (? for help): p
              Disk /dev/hda: 2097152 sectors, 1024.0 MiB
              Sector size (logical): 512 bytes
              Disk identifier (GUID): F2A76123-73ED-4052-BAFE-6B37473E6187
              Partition table holds up to 128 entries
              Main partition table begins at sector 2 and ends at sector 33
              First usable sector is 34, last usable sector is 2097118
              Partitions will be aligned on 2048-sector boundaries
              Total free space is 2014 sectors (1007.0 KiB)

              Number  Start (sector)    End (sector)  Size       Code  Name
              1            2048          411647   200.0 MiB   8300  Linux filesystem
              2          411648         2097118   823.0 MiB   8300  Linux filesystem

              Command (? for help): w

              Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
              PARTITIONS!!

              Do you want to proceed? (Y/N): Y
              OK; writing new GUID partition table (GPT) to /dev/hda.
               The operation has completed successfully.

       The disk has been partitioned:

               $$  ls -l /dev/hda1
              brw------- 0 renzo renzo 0, 1 Jan  1  1970 /dev/hda1
              $$ ls -l /dev/hda2
              brw------- 0 renzo renzo 0, 2 Jan  1  1970 /dev/hda2

       Now it is possible to create an ext4 file system on /dev/hda1

              $$ /sbin/mkfs.ext4 /dev/hda1
              mke2fs 1.45.1 (12-May-2019)
              warning: Unable to get device geometry for /dev/hda1
              Creating filesystem with 204800 1k blocks and 51200 inodes
              Filesystem UUID: c96c6499-40cd-43df-addf-52e06d7e6842
              Superblock backups stored on blocks:
                      8193, 24577, 40961, 57345, 73729

              Allocating group tables: done
              Writing inode tables: done
              Creating journal (4096 blocks): done
                Writing superblocks and filesystem accounting information: done

       now the file system on /dev/hda1 can be mounted on /mnt

              $$ vumount -t vufuseext2 -o rw+ /dev/hda1 /mnt

       add a file with some content on /mnt

               $$ echo ciao > /mnt/hello
              $$ ls -l /mnt
              total 13
              -rw-r--r-- 1 renzo renzo     5 Jun  3 12:09 hello
              drwx------ 2 root  root  12288 Jun  3 12:06 lost+found
              $$ vuumount /mnt
              $$ vuumount /dev/hda
              $$ exit
              $

   mount a user-level networking stack
       It is possible to provide network partial virtualization using the vunet module

       start the hypervisor, and run a bash inside the partial virtual machine

              $ umvu bash

       This is the prompt of the partial virtualized shell, let us change it to $$ to show the difference

              $ PS1='\$\$ '

       let us load vunet

              $$ vu_insmod vunet

       the following command "mounts" a vde network on /dev/net/myvde (see https://github.com/rd235/vdeplug4)

              $$ vumount -t vunetvdestack vxvde:// /dev/net/myvde

       vustack is the command to select the stack to use.

              $$ vustack /dev/net/myvde ip link
               1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
                   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
               2: vde0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
                   link/ether 7e:76:c0:d7:3b:37 brd ff:ff:ff:ff:ff:ff

       without vustack I can still access the stack provided by the linux kernel

              $$ ip link
               1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
                   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
               2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
                   link/ether 80:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff

       let us start a bash using /dev/net/myvde as its default net

              $$ vustack /dev/net/myvde bash
              $ PS1='\$N\$ '

       let us configure the net

              $N$ ip addr add 192.168.250.250/24 dev vde0
              $N$ ip link set vde0 up
              $N$ ip route add default via 192.168.250.1
              $N$ ip addr
               1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
                   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
               2: vde0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
                  link/ether 7e:76:c0:d7:3b:37 brd ff:ff:ff:ff:ff:ff
                  inet 192.168.250.250/24 scope global vde0
                     valid_lft forever preferred_lft forever
                  inet6 fe80::7c76:c0ff:fed7:3b37/64 scope link
                     valid_lft forever preferred_lft forever
              $N$ ip route
              default via 192.168.250.1 dev vde0
              192.168.250.0/24 dev vde0 proto kernel scope link src 192.168.250.250
              $N$ ping 80.80.80.80
              PING 80.80.80.80 (80.80.80.80) 56(84) bytes of data.
              64 bytes from 80.80.80.80: icmp_seq=1 ttl=52 time=56.9 ms
              64 bytes from 80.80.80.80: icmp_seq=2 ttl=52 time=57.9 ms
              ^C
              $N$

SEE ALSO

       vu_insmod(1), vu_lsmod(1), vu_rmmod(1), vumount(1), vuumount(1), vudebug(1)

AUTHOR

       VirtualSquare.  Project leader: Renzo Davoli

VirtualSquare-VUOS                                January 2024                                           UMVU(1)