Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Xen: Users

pygrub vs. pv-grub

 

 

Xen users RSS feed   Index | Next | Previous | View Threaded


chrisd1100 at gmail

May 7, 2012, 8:48 AM

Post #1 of 5 (1286 views)
Permalink
pygrub vs. pv-grub

Hello all, I've been using pygrub successfully as my bootloader but I
recently ran across this and I'm wondering if anyone has any insight:

http://wiki.xensource.com/xenwiki/PvGrub

This says that pv-grub is a replacement for pygrub that loads the kernel
and initrd from within the domU safely. As far as I knew, pygrub does this
as well in my recent Xen 4.1 installation, however I know that pygrub has
to read the kernel and initrd out of the domU for a moment to boot it. My
Xen 4.1 installation does not seem to come with any pv-grub gzip files as
are shown in the documentation. Has pygrub since replaced pv-grub, or is
pv-grub still in existence and if so what is the difference? Can pv-grub
actually use the installed grub from within the domU without ever reading
anything from within the domU outside in dom0?

Thank you,

Chris


linux at thehobsons

May 7, 2012, 9:21 AM

Post #2 of 5 (1225 views)
Permalink
Re: pygrub vs. pv-grub [In reply to]

At 11:48 -0400 7/5/12, Chris Dickson wrote:
>Hello all, I've been using pygrub successfully as my bootloader but
>I recently ran across this and I'm wondering if anyone has any
>insight:
>
><http://wiki.xensource.com/xenwiki/PvGrub>http://wiki.xensource.com/xenwiki/PvGrub

See the thread titled "Where does PyGrub run?" from teh archives for
last month.

>This says that pv-grub is a replacement for pygrub that loads the
>kernel and initrd from within the domU safely. As far as I knew,
>pygrub does this as well in my recent Xen 4.1 installation, however
>I know that pygrub has to read the kernel and initrd out of the domU
>for a moment to boot it.

Indeed, you have hit the nail on the head.
PyGrub copies the DomU kernel and initrd from the DomU filesystem
image to Dom0 and then creates a new domain using that kernel. This
means that PyGrub manipulates the DomU filesystem and files from
within Dom0 which is a potential security issue if someone can find a
flaw in the code and craft (for example) a malicious filesystem or
menu.lst.

PvGrub executes within the newly created DomU environment.

If you read through the previous thread you'll see that it's possible
to setup guests with a read-only recovery partition so that it's not
possible for a user to make their VM unbootable with PvGrub.

> My Xen 4.1 installation does not seem to come with any pv-grub gzip
>files as are shown in the documentation. Has pygrub since replaced
>pv-grub, or is pv-grub still in existence and if so what is the
>difference?

AFAIK both are still current programs. However I vaguely recall there
being some licensing issue that means PvGrub is not included in some
distros (Debian being one).
Ah, now I look it up I see it's probably more a case of "not been
packaged yet" for Debian :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588839
http://xen.1045712.n5.nabble.com/pv-grub-removed-td3046506.html

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users


chrisd1100 at gmail

May 7, 2012, 9:57 AM

Post #3 of 5 (1245 views)
Permalink
Re: pygrub vs. pv-grub [In reply to]

Arg, thanks Simon. I'm using the debian package so that's the issue. I'm
compiling everything in 4.1.2 from source now so hopefully pv-grub gets
built.

On Mon, May 7, 2012 at 12:21 PM, Simon Hobson <linux [at] thehobsons>wrote:

> At 11:48 -0400 7/5/12, Chris Dickson wrote:
>
>> Hello all, I've been using pygrub successfully as my bootloader but I
>> recently ran across this and I'm wondering if anyone has any insight:
>>
>> <http://wiki.xensource.com/**xenwiki/PvGrub<http://wiki.xensource.com/xenwiki/PvGrub>
>> >http://wiki.**xensource.com/xenwiki/PvGrub<http://wiki.xensource.com/xenwiki/PvGrub>
>>
>
> See the thread titled "Where does PyGrub run?" from teh archives for last
> month.
>
>
> This says that pv-grub is a replacement for pygrub that loads the kernel
>> and initrd from within the domU safely. As far as I knew, pygrub does this
>> as well in my recent Xen 4.1 installation, however I know that pygrub has
>> to read the kernel and initrd out of the domU for a moment to boot it.
>>
>
> Indeed, you have hit the nail on the head.
> PyGrub copies the DomU kernel and initrd from the DomU filesystem image to
> Dom0 and then creates a new domain using that kernel. This means that
> PyGrub manipulates the DomU filesystem and files from within Dom0 which is
> a potential security issue if someone can find a flaw in the code and craft
> (for example) a malicious filesystem or menu.lst.
>
> PvGrub executes within the newly created DomU environment.
>
> If you read through the previous thread you'll see that it's possible to
> setup guests with a read-only recovery partition so that it's not possible
> for a user to make their VM unbootable with PvGrub.
>
>
> My Xen 4.1 installation does not seem to come with any pv-grub gzip
>> files as are shown in the documentation. Has pygrub since replaced pv-grub,
>> or is pv-grub still in existence and if so what is the difference?
>>
>
> AFAIK both are still current programs. However I vaguely recall there
> being some licensing issue that means PvGrub is not included in some
> distros (Debian being one).
> Ah, now I look it up I see it's probably more a case of "not been packaged
> yet" for Debian :
>
> http://bugs.debian.org/cgi-**bin/bugreport.cgi?bug=588839<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588839>
> http://xen.1045712.n5.nabble.**com/pv-grub-removed-td3046506.**html<http://xen.1045712.n5.nabble.com/pv-grub-removed-td3046506.html>
>
> --
> Simon Hobson
>
> Visit http://www.**magpiesnestpublishing.co.uk/<http://www.magpiesnestpublishing.co.uk/>for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
>
> ______________________________**_________________
> Xen-users mailing list
> Xen-users [at] lists
> http://lists.xen.org/xen-users
>


lsc at prgmr

May 7, 2012, 10:36 AM

Post #4 of 5 (1221 views)
Permalink
Re: pygrub vs. pv-grub [In reply to]

On Mon, May 07, 2012 at 12:57:54PM -0400, Chris Dickson wrote:
> Arg, thanks Simon. I'm using the debian package so that's the issue. I'm
> compiling everything in 4.1.2 from source now so hopefully pv-grub gets
> built.

Note, pv-grub doesn't need to be built with the dom0 you use.
I have a bunch of CentOS5/xen Dom0s, and the RHEL5/xen doesn't come
with pv-grub. I compile pv-grub seperately and just copy the binary
to my RHEL5 dom0 and it works fine.

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users


chrisd1100 at gmail

May 7, 2012, 11:35 AM

Post #5 of 5 (1286 views)
Permalink
Re: pygrub vs. pv-grub [In reply to]

Thanks all, everything is working nicely now. After getting the prereqs for
xen 4.1.2 I did a 'make stubdom' and found pv-grub-x86_64.gz waiting for me
in ./dist/install/usr/lib/xen/boot/.

Also, I noticed people talking about the grub 0.97 fedora patch with ext4
support, so I gave that a shot and placed it at
./stubdom/grub.patches/grub-ext4-support.patch. Here's where I got it from.

http://pkgs.fedoraproject.org/gitweb/?p=grub.git;a=blob_plain;f=grub-ext4-support.patch;hb=3bcdb10fc21d8e94efa70fd91d21224f13f01433

Booted a domU right up with pv-grub off of an ext4 volume. Nice.

Thanks,

Chris

On Mon, May 7, 2012 at 1:36 PM, Luke S. Crawford <lsc [at] prgmr> wrote:

> On Mon, May 07, 2012 at 12:57:54PM -0400, Chris Dickson wrote:
> > Arg, thanks Simon. I'm using the debian package so that's the issue. I'm
> > compiling everything in 4.1.2 from source now so hopefully pv-grub gets
> > built.
>
> Note, pv-grub doesn't need to be built with the dom0 you use.
> I have a bunch of CentOS5/xen Dom0s, and the RHEL5/xen doesn't come
> with pv-grub. I compile pv-grub seperately and just copy the binary
> to my RHEL5 dom0 and it works fine.
>
> _______________________________________________
> Xen-users mailing list
> Xen-users [at] lists
> http://lists.xen.org/xen-users
>

Xen users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.