SKAS or TT mode

SKAS mode, of course! :-)

-Chris

Just out of intest what is the actual difference between them.

I just read on a site that alot of people run UML in TT mode and it is alot slower than the SKAS mode.

Adam

TT, or Tracing Thread mode has a process on the host for every process in each UML. You can imagine the contribution to the host's load for even 10 UMLs running in TT mode. In TT mode, all the UML's processes have writable access to their UML's kernel memory (which is bad). To get around this, UML has TT mode options "honeypot" and "jail" which try to fix these problems, with the cost of additional overhead.

Separate Kernel Address Space, or SKAS mode separates kernel and user-space into two processes on the host per UML (plus an ubd driver asynchronous IO thread and write SIGIO emulation thread). Thus, the user-space process can't access the kernel process's memory, which increases security for one thing).

Here are some snippets from Jeff's SKAS page:

> In short, the changes cause the UML kernel to run in an entirely different host address space from its processes. This solves the security and honeypot fingerprinting problems by making the UML kernel totally inaccessible to UML processes. Their address spaces are identical to what they would be on the host. This also provides a noticable speedup by eliminating the signal delivery that used to happen for every UML system call.

-Chris