[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Question: bootloader pygrub VS kernel and ramdisk in filesystem of Dom0
Hi Bobbi, On Sat, Apr 24, 2021 at 04:08:52AM +0200, Bobbi Sanchez wrote: > The first example goes with pygrub and the start of the domu in > this case, first loads pygrub, after that pygrub (aka grub) loads > the kernel and ramdisk. pygrub is not grub, it's a python script that opens a guest's block device(s), finds a grub config and tried to parse it. It isn't a part of the grub project. There's a couple of serious downsides to pygrub: - As it isn't part of the grub project, newer releases of grub can change and add configuration syntax which pygrub might not understand. That leaves the guest unbootable. - It opens guest block devices and does all its work in dom0 context. Linux filesystem developers do not give any strong guarantee that arbitrary filesystem images do not contain root exploits. For these reasons it is recommended that you either use pvgrub2 or pvhgrub instead. Both are integrated with grub upstream. > So my Question is what makes the differences to start a PV Guest > with bootload pygrub or load the kernel and ramdisk directly? Aside from the downsides of how pygrub works, there is no difference. pygrub does its thing in order to find and extract kernel and initramfs files. They are then passed to Xen for direct kernel boot. If you do direct kernel boot you are simply bypassing the pygrub part. The Xen part is identical. Practically speaking, if the guest administrator is not the dom0 administrator, then letting the guest administrator manage their own kernel & initramfs is generally a much easier life with pygrub / pvgrub2 / pvhgrub. Cheers, Andy
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |