Fully unprivileged VMs with User Mode Linux (UML) and SLIRP User Networking

Me

2021-05-09 11:36

A few months ago I wanted to test something that involved OpenVPN on an old, small VPS I rented.

The VPS runs on OpenVZ, which shares a kernel with the host and comes with one important constraint:
TUN/TAP support needs to be manually enabled, which on this VPS it was not.

Maybe run a VM instead? Nope, KVM is not available.

At this point it would've been easier to give up or temporarily rent another VPS, but I really wanted to run the test on this particular one.

Dealing with glibc faccessat2 breakage under systemd-nspawn

Me

2021-02-16 19:21

Backstory

A few months ago I stumbled upon this report on Red Hat's bugzilla.

The gist of it is that glibc began to make use of the new faccessat2 syscall, which when running under older systemd-nspawn is filtered to return EPERM. This misdirects glibc into assuming a file or folder cannot be accessed, when in reality nspawn just doesn't know the syscall.

A fix was submitted to systemd [1] but it turned out this didn't only affect nspawn, but also needed to be fixed in various container runtimes and related software [2] [3] [4] [5]. Hacking around it in glibc [6] or the kernel [7] was proposed, with both (rightfully) rejected immediately.

I pondered what an awful bug that was and was glad I didn't have to deal with this mess.

Running Windows 10 for ARM64 in a QEMU virtual machine

Me

2020-08-06 13:35

Since the development stages of Windows 10, Microsoft has been releasing a version of Windows that runs on 64-bit ARM (AArch64) based CPUs. Despite some hardware shipping with Windows 10 ARM [1] [2] [3] this port has received little attention and you can barely find programs that run on it.

Naturally, I wanted to try this out to see if it worked. And it turned out it does!

Installing the Debian X32 port on a VM or real machine

Me

2020-07-25 23:01

X32 is an ABI for Linux that uses the x86-64 instruction set but 32-bit longs and pointers (this is called ILP32), thereby limiting the memory for a single process to 4 GiB. Compared to amd64 it offers significant memory savings and unlike plain i386 it can make use of all registers and extensions also available to 64-bit code.

Debian has an X32 port since 2013 but installing it isn't quite straightforward.

To follow this guide you'll need:

A Debian netinst CD for the amd64 architecture: https://www.debian.org/CD/netinst/
A computer or VM with x86-64 compatible CPU
An internet connection on the machine you are installing

Virtualizing Raspbian (or any ARM/Linux distro) headless using QEMU

Me

2020-03-16 21:52

For testing or development it can be very useful to have a distribution that usually runs on an embedded ARM board such as the Raspberry Pi run right on your machine (that isn't ARM) using a virtual machine.

Opening a shell inside non-systemd nspawn containers

Me

2020-02-13 13:31

If you try to open shell inside a container that runs e.g. Alpine Linux using machinectl, the following not very descriptive error will appear:

# machinectl shell vpn
Failed to get shell PTY: Protocol error

QEMU Configuration & Usage

Me

2020-02-03 22:23

Here I collect some QEMU options I have found useful beyond the basics.