Re: [Xen-users] Separate kernel on domU's
On Wed, Feb 22, 2012 at 12:28:51PM +0100, eva wrote:
> Hello,
>
> I am still learning about Xen.. I am trying to set up Xen hypervisor
> for the first time. I was reading the howto here:
>
> http://www.howtoforge.com/paravirtualization-with-xen-4.0-on-debian-squeeze-amd64
>
> and I stopped here:
>
> "(To use the default Ubuntu kernel instead of Debian's Xen kernel in
> the guest, you can also comment out the kernel and initrd lines in
> /etc/xen-tools/xen-tools.conf.)"

I don't remember a lot about xen-tools, and others have given you some pointers on how to manually specify a DomU kernel from the Dom0. Personally, though, I find it much easier to keep the DomU kernel in the DomU. With proper configuration (installation of grub-legacy on some platforms, so the guest updates the grub1 configuration file rather than the grub2 configuration file in the guest) it is possible to set things up so that the guest can upgrade the guest kernel without the dom0 doing anything.

PyGRUB, I think, is the recommended Debian way to do this, but PyGRUB isn't very secure if you don't trust the guest administrators. PV-GRUB solves those problems, and can call itself, but you'd need to compile it from source and copy it over, as it doesn't come with Debian. (It will work fine with the rest of the Xen setup, Debian just doesn't package it.)

Here is some info on PVGRUB and how I use it with my untrusted users - the document is kind of out of date, but I think still correct in the important ways:

http://wiki.prgmr.com/mediawiki/index.php/Chapter_7:_Hosting_Untrusted_Users_Under_Xen:_Lessons_from_the_Trenches#PV-GRUB:_A_SAFER_ALTERNATIVE_TO_PYGRUB.3F

I create a pvgrub config file on a read-only partition and boot off that; but that menu.lst calls pvgrub with the menu.lst on the user-writable partition after two seconds, so by default, the user's menu.lst is what boots the kernel, but if for whatever reason the user screws that up, they can boot off the read-only partition and fix it without bugging me.

I've got some basic info about pygrub above that in the same document. Like I said, I think pygrub is not suitable for untrusted guests because of security problems and because if the guest messes up the grub config, they need dom0 administrator help to fix it. But, on the plus side, I think recent versions of pygrub support grub2 format config files.

Note, pvgrub protects you from the recent exploits in the code to unzip kernels, pygrub does not.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users