------------------------------------------------------------------
 Installing Linux Secure Virtual Hosting Extension 1.0 (2003/04/30)
------------------------------------------------------------------

This guide assumes that you are familiar with Linux kernel installation.
Consult the documentation for the details of Linux or your Linux
distribution.

This software is provided "as is" without any implied warranties.
Be sure to make a backup of your disk before installation.

--------------------------------------------------------------------
1. Overview

This document describes a procedure for building the Linux Secure Virtual
Hosting Extension (linux-svh) kernel, kernel module, and utility programs.

Let be the directory of linux- sources and be the directory of
util-linux-svh sources.

  /          linux-svh sources equivalent to original linux kernel.
  /crow_rk   extended CPU scheduler module.
  /jail      utility for creating virtual host.
  /rk_bin    utility for creating resource reservation.
  /rk_lib    library for making use of resource reservation.

--------------------------------------------------------------------
2. Supported Hardware

Refer to HARDWARE.

**Note** linux-svh does *not* support multiprocessor machines.

--------------------------------------------------------------------
3. Extracting the source code to your system

The archive of the full source code of the original linux kernel
"linux-.tar.gz", the patch "linux-svh-.patch.gz", and
"util-linux-svh-.tar.gz" (gzip'ed tar) are located in a directory in
*SOMEWHERE*.

Extracting the full source code of linux-.tar.gz requires approximately
100MB of disk, and util-linux-svh-.tar.gz requires approximately 1MB of
disk. Building the binaries from source requires 150MB and 1.5MB in total.

To extract the archives and apply the patch, type the following commands:

  # cd /usr/src
  # tar xvfz /full/path/linux-.tar.gz
  # tar xvfz /full/path/util-linux-svh-.tar.gz
  # ln -s /usr/src/linux /usr/src/linux-svh
  # cd /usr/src/linux-svh
  # gzip -d /full/path/linux-svh-.patch.gz
  # patch -p1 < /full/path/linux-svh-.patch

--------------------------------------------------------------------
4. Setting up build environment

4.1 prepare compiler

Building the linux-svh kernel and kernel module requires gcc-2.91.x or
gcc-2.95.x. First, install the C compiler as suggested by the vendor of
your distribution.

For example, RedHat Linux provides RPM packages of egcs and the required
libraries, so you can get these RPMs and install them using the rpm
command. In the RedHat7.2 environment (our reference environment), you can
install egcs-1.1.2.16 and the required library, to be exact,
compat-egcs-6.2-1.1.2.16.i386.rpm and compat-glibc-6.2-2.1.3.2.i386.rpm,
from the install CD or the RedHat ftp site.

**Note** gcc-2.96.x has critical bugs in its optimizer, so binaries
compiled with gcc-2.96.x do not work well.

--------------------------------------------------------------------
5. Building kernel

After you have finished setting up the build environment, build the kernel
in the usual linux kernel building manner.

5.1 kernel configuration

Before building the kernel, you may want to set the configuration for your
system environment using make config/menuconfig/xconfig.

  # cd /usr/src/linux-svh
  # make config
or
  # make menuconfig
or
  # make xconfig

To activate linux-svh features, you must set several kernel configuration
options, as described below:

  [Code maturity level options]
    Prompt for development and/or incomplete code/drivers -> YES

  [Processor type and features]
    /dev/cpu/*/msr - Model specific register support -> YES (for Crusoe)
    /dev/cpu/*/cpuid - CPU information support -> YES (for Crusoe)
    MTRR (Memory Type Range Register) support -> YES (for Crusoe)
    Symmetric multi-processing support -> NO

  [Loadable module support]
    Enable loadable module support -> YES

  [General setup]
    Jail like Honey Pot environment support -> YES
    CROW & Linux/RK module support -> YES
    New Physical Page Reservation support -> YES

  [Networking options]
    TCP/IP networking -> YES
    IP: aliasing support -> YES
    802.1Q VLAN Support(EXPERIMENTAL) -> YES (optional)

  [Filesystems]
    Second extended fs development code -> YES (for EXT3FS)

  [Character devices]
    Unix98 PTY support -> YES

5.2 building and installing kernel

Next, build the kernel.

  # make dep clean bzImage
  # make modules

Before installing your kernel, you have to set up your boot loader. This
document assumes lilo as the boot loader, but other boot loaders (GRUB,
bootmagic, ...) can also handle our kernel.

If you have never installed a linux-svh kernel, you have to append a boot
entry to /etc/lilo.conf. A typical lilo.conf configuration is shown below:

  image=/boot/vmlinuz-2.2.25
    label=linux-svh
    read-only
    root=/dev/hda1

Then install the kernel.

  # installkernel 2.2.25 arch/i386/boot/bzImage System.map
  # make modules_install

Installed files are:

  /boot/vmlinuz-2.2.25
  /boot/System.map
  /lib/modules/2.2.25-svh/*

--------------------------------------------------------------------
6. Building kernel module and utility programs

6.1 configuration

Makefile.inc includes the build configuration.
If you have extracted the linux kernel into a directory other than
/usr/src/linux-svh, you must modify "LINUXDIR" in Makefile.inc.

  # vi /usr/src/util-linux-svh/Makefile.inc

6.2 building and installing

Type "make" and "make install".

  # cd /usr/src/util-linux-svh
  # make; make install

Installed files are:

  /lib/modules/2.2.25-svh/misc/crow_rk.o
  /usr/local/bin/jail
  /usr/local/bin/crow_exec
  /usr/local/bin/rklist
  /usr/local/bin/RKcleanRS
  /usr/local/bin/rkattach
  /usr/local/bin/rkcontrol
  /usr/local/bin/rkdestroyRS
  /usr/local/bin/rkdetach
  /usr/local/bin/rkexec
  /usr/local/bin/rkfreq
  /usr/local/lib/librk.a
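
The compiler requirement of section 4.1 and the stock-kernel options of
section 5.1 can be checked before building. The script below is an added
example, not part of linux-svh; the function names are hypothetical and the
CONFIG_ symbols are assumed to be the stock 2.2-series names for the listed
menu entries.

```shell
#!/bin/sh
# Added example: pre-build checks for sections 4.1 and 5.1 of this guide.

# Succeeds only for the compiler series the guide accepts (2.91.x/egcs, 2.95.x).
compiler_ok() {
    case "$1" in
        2.91.*|egcs-2.91.*|2.95|2.95.*) return 0 ;;
        *) return 1 ;;   # includes 2.96.x, which the guide warns against
    esac
}

# Prints each violation of section 5.1 and returns the number of violations.
# Symbol names are assumed stock-kernel names; the Jail, CROW & Linux/RK and
# page-reservation symbols are not on the page, so they are not checked here.
check_config() {
    cfg=$1
    bad=0
    for sym in CONFIG_EXPERIMENTAL CONFIG_MODULES CONFIG_INET \
               CONFIG_IP_ALIAS CONFIG_UNIX98_PTYS; do
        if ! grep -q "^${sym}=y\$" "$cfg"; then
            echo "missing: ${sym}=y"
            bad=$((bad + 1))
        fi
    done
    # linux-svh does not support SMP, so the option must be off.
    if grep -q '^CONFIG_SMP=y$' "$cfg"; then
        echo "forbidden: CONFIG_SMP=y"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Demo on a constructed .config (not taken from a real build tree).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_EXPERIMENTAL=y
CONFIG_SMP=y
CONFIG_MODULES=y
CONFIG_INET=y
# CONFIG_IP_ALIAS is not set
CONFIG_UNIX98_PTYS=y
EOF
check_config "$sample" || echo "fix the options above before 'make dep'"
compiler_ok "2.96" || echo "gcc 2.96 rejected: use gcc-2.91.x or gcc-2.95.x"
rm -f "$sample"
```

On a real tree, pass /usr/src/linux-svh/.config to check_config and the
version string reported by the compiler to compiler_ok.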