[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] pygrub vs. pv-grub

To: xen-users@xxxxxxxxxxxxx
From: Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Date: Mon, 7 May 2012 17:21:42 +0100
Delivery-date: Mon, 07 May 2012 16:22:45 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

At 11:48 -0400 7/5/12, Chris Dickson wrote:

Hello all, I've been using pygrub successfully as my bootloader butI recently ran across this and I'm wondering if anyone has anyinsight:
<http://wiki.xensource.com/xenwiki/PvGrub>http://wiki.xensource.com/xenwiki/PvGrub

See the thread titled "Where does PyGrub run?" from teh archives forlast month.

This says that pv-grub is a replacement for pygrub that loads thekernel and initrd from within the domU safely. As far as I knew,pygrub does this as well in my recent Xen 4.1 installation, howeverI know that pygrub has to read the kernel and initrd out of the domUfor a moment to boot it.


Indeed, you have hit the nail on the head.

PyGrub copies the DomU kernel and initrd from the DomU filesystemimage to Dom0 and then creates a new domain using that kernel. Thismeans that PyGrub manipulates the DomU filesystem and files fromwithin Dom0 which is a potential security issue if someone can find aflaw in the code and craft (for example) a malicious filesystem ormenu.lst.


PvGrub executes within the newly created DomU environment.

If you read through the previous thread you'll see that it's possibleto setup guests with a read-only recovery partition so that it's notpossible for a user to make their VM unbootable with PvGrub.

My Xen 4.1 installation does not seem to come with any pv-grub gzipfiles as are shown in the documentation. Has pygrub since replacedpv-grub, or is pv-grub still in existence and if so what is thedifference?

AFAIK both are still current programs. However I vaguely recall therebeing some licensing issue that means PvGrub is not included in somedistros (Debian being one).Ah, now I look it up I see it's probably more a case of "not beenpackaged yet" for Debian :


http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588839
http://xen.1045712.n5.nabble.com/pv-grub-removed-td3046506.html

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] pygrub vs. pv-grub
  - From: Chris Dickson

References:
- [Xen-users] pygrub vs. pv-grub
  - From: Chris Dickson

Prev by Date: Re: [Xen-users] Is this IO-starving?
Next by Date: Re: [Xen-users] pygrub vs. pv-grub
Previous by thread: [Xen-users] pygrub vs. pv-grub
Next by thread: Re: [Xen-users] pygrub vs. pv-grub
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.