
Re: [Xen-users] pygrub vs. pv-grub



Arg, thanks Simon. I'm using the debian package so that's the issue. I'm compiling everything in 4.1.2 from source now so hopefully pv-grub gets built.

On Mon, May 7, 2012 at 12:21 PM, Simon Hobson <linux@xxxxxxxxxxxxxxxx> wrote:
At 11:48 -0400 7/5/12, Chris Dickson wrote:
Hello all, I've been using pygrub successfully as my bootloader but I recently ran across this and I'm wondering if anyone has any insight:

http://wiki.xensource.com/xenwiki/PvGrub

See the thread titled "Where does PyGrub run?" from the archives for last month.


This says that pv-grub is a replacement for pygrub that loads the kernel and initrd from within the domU safely. As far as I knew, pygrub does this as well in my recent Xen 4.1 installation, however I know that pygrub has to read the kernel and initrd out of the domU for a moment to boot it.

Indeed, you have hit the nail on the head.
PyGrub copies the DomU kernel and initrd from the DomU filesystem image to Dom0 and then creates a new domain using that kernel. This means that PyGrub manipulates the DomU filesystem and files from within Dom0 which is a potential security issue if someone can find a flaw in the code and craft (for example) a malicious filesystem or menu.lst.

PvGrub executes within the newly created DomU environment.

If you read through the previous thread you'll see that it's possible to set up guests with a read-only recovery partition so that it's not possible for a user to make their VM unbootable with PvGrub.


My Xen 4.1 installation does not seem to come with any pv-grub gzip files as are shown in the documentation. Has pygrub since replaced pv-grub, or is pv-grub still in existence and if so what is the difference?

AFAIK both are still current programs. However I vaguely recall there being some licensing issue that means PvGrub is not included in some distros (Debian being one).
Ah, now I look it up I see it's probably more a case of "not been packaged yet" for Debian:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588839
http://xen.1045712.n5.nabble.com/pv-grub-removed-td3046506.html

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
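
An added example, not part of the original thread: a small audit that classifies guest configs by where the guest's filesystem and menu.lst are parsed at boot, which is the Dom0 versus DomU distinction described above. The config file names, guest names and all paths (including the pv-grub image location) are constructed for illustration; only the `bootloader`, `kernel`, `extra` and `ramdisk` keys are standard xm/xl settings.

```python
import re

# Constructed sample guest configs (xm/xl syntax); names and paths are illustrative.
SAMPLE_CONFIGS = {
    "web01.cfg": '''
name = "web01"
bootloader = "/usr/bin/pygrub"
disk = ["phy:/dev/vg0/web01,xvda,w"]
''',
    "db01.cfg": '''
name = "db01"
kernel = "/usr/lib/xen/boot/pv-grub-x86_64.gz"
extra = "(hd0,0)/boot/grub/menu.lst"
disk = ["phy:/dev/vg0/db01,xvda,w"]
''',
    "dns01.cfg": '''
name = "dns01"
# bootloader = "/usr/bin/pygrub"
kernel = "/boot/vmlinuz-guest"
ramdisk = "/boot/initrd-guest.img"
''',
}

# Matches simple string assignments such as: key = "value"
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*["\']([^"\']*)["\']\s*(?:#.*)?$')

def parse_settings(text):
    """Return simple string assignments; commented-out lines are ignored."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def boot_path(text):
    """Classify where untrusted guest boot data gets parsed."""
    s = parse_settings(text)
    if "pygrub" in s.get("bootloader", ""):
        return "pygrub: guest filesystem and menu.lst parsed in Dom0"
    if "pv-grub" in s.get("kernel", ""):
        return "pv-grub: guest filesystem and menu.lst parsed inside the DomU"
    if "kernel" in s:
        return "direct: kernel supplied by Dom0, guest disk not parsed at boot"
    return "unknown"

def audit(configs):
    return {name: boot_path(text) for name, text in configs.items()}

if __name__ == "__main__":
    for name, verdict in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{name}: {verdict}")
```

Guests reported as `pygrub` are the ones whose disk contents are read by Dom0 code before the domain exists.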
