[PLUG] Plug hostfs hole in uml without kernel recompile?

[Steve Jorgensen]

Hi all,

Yet another User Mode Linux question...  Here I am, happily setting up User 
Mode Linux becuase I know I'm going to be a security bonehead, and this 
seems like a good way to keep services isolated from one another without a 
room full of systems to run my home network.  Also, it was seeming actually 
easier to understand and set up than chroot.  Now, come to find out that 
UML can happily access the host filesystem using hostfs - so much for 
bullet proof security.  Sure, it's still more secure than not using uml, 
but not nearly so much as I thought.  On article I saw recommended running 
uml in chroot for this reason - so much for not having to learn about 
chroot.

So, I know that I could compile my own uml kernel with hostfs support 
ommitted, but I just finished a week-long ordeal getting my host kernel to 
compile with gcc 3.3 so I could set up the skas patches.  I'm not looking 
forward to another kernel recompile experiment at this particular time. 
 Shouldn't there just be a uml start-up option to disable hostfs?  OK, 
"should" and reality appear to differ in this case, but I'm hoping someone 
here knows some simple, clever trick I could use.

Anyone?

Thanks,

- Steve Jorgensen