OpenVZ Forum: Support » insmod problem

Home » General » Support » insmod problem

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: insmod problem [message #29818 is a reply to message #29812]

Fri, 25 April 2008 10:27

adobriyan
Messages: 80
Registered: November 2006

Member

There must be some confusion about what kernel modules are,
what they do, what OpenVZ does and what OpenVZ does not.

OpenVZ implements so-called container-style virtualization.
This means only 1 (one) kernel image is in memory and controls
the system and all, let's call them, virtual machines.
The situation is no different from normal unpatches Linux
kernel.

Modules allow administrator to load additional functionality
at live kernel. This can be device driver, allowing operating
system to interact with hardware, or file system driver,
allowing to mount new filesystems and so on.

Module's code is loaded and linked against already existing
kernel image in memory and possibly against other modules.
It's loaded with the very same privileges as the rest of the
kernel which are THE privileges.

Kernel module can access all kernel memory, the rest of the
kernel can access. Kernel module can change many data
structures without problems and all data structures with
minimal workarounds. I'm talking about exported symbols here.

Corollary #1: kernel module can royally screw up the system in
particularly disgusting wayes. It can seamlessly give root
priviledges to any process. Which would be the least of your
troubles, BTW.

Corollary #2: loading of kernel modules from inside
VE/container is not allowed. Root of VE is viewed as untrusted
here, as such, giving him such powerful weapon as
init_module(2) is simply out of question.
If you want to load something, let administrator of VE0 do it.

Corollary #3: if you want containerise some functionality your
module gives to you, you most certainly should change your
module. Depends on functionality it provides.

Other types of virtualization such as KVM allow you to have
multiple operating system kernels, as such, you can load
different modules into different kernels. In theory and modulo
bugs in virtualization layer and in hardware, this can't screw
up master kernel. OpenVZ doesn't operate like this by design
nor it was ever promised for OpenVZ to operate like this.

So, what your module actually does? In some case problem is
fixed by allowing VE to use major:minor pairs and creating
device nodes in.

Report message to a moderator

[Message index]

		insmod problem By: danielcamara on Fri, 25 April 2008 08:42
		Re: insmod problem By: maratrus on Fri, 25 April 2008 10:25
		Re: insmod problem By: adobriyan on Fri, 25 April 2008 10:27
		Re: insmod problem By: danielcamara on Fri, 25 April 2008 12:35

Previous Topic:	Support for 3ware 9690SA
Next Topic:	openvz problem

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Jul 13 19:26:42 GMT 2024

Total time taken to generate the page: 0.02266 seconds