
Re: Question: bootloader pygrub VS kernel and ramdisk in filesystem of Dom0


  • To: xen-users@xxxxxxxxxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Sat, 24 Apr 2021 13:45:25 +0000
  • Delivery-date: Sat, 24 Apr 2021 13:46:22 +0000
  • List-id: Xen user discussion <xen-users.lists.xenproject.org>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

Hi Bobbi,

On Sat, Apr 24, 2021 at 04:08:52AM +0200, Bobbi Sanchez wrote:
> The first example goes with pygrub and the start of the domu in
> this case, first loads pygrub, after that pygrub (aka grub) loads
> the kernel and ramdisk.

pygrub is not grub, it's a python script that opens a guest's block
device(s), finds a grub config and tries to parse it. It isn't a
part of the grub project.

There's a couple of serious downsides to pygrub:

- As it isn't part of the grub project, newer releases of grub can
  change and add configuration syntax which pygrub might not
  understand. That leaves the guest unbootable.

- It opens guest block devices and does all its work in dom0
  context. Linux filesystem developers do not give any strong
  guarantee that arbitrary filesystem images do not contain root
  exploits.

For these reasons it is recommended that you either use pvgrub2 or
pvhgrub instead. Both are integrated with grub upstream.

> So my Question is what makes the differences to start a PV Guest
> with bootload pygrub or load the kernel and ramdisk directly?

Aside from the downsides of how pygrub works, there is no
difference. pygrub does its thing in order to find and extract
kernel and initramfs files. They are then passed to Xen for direct
kernel boot. If you do direct kernel boot you are simply bypassing
the pygrub part. The Xen part is identical.

Practically speaking, if the guest administrator is not the dom0
administrator, then letting the guest administrator manage their own
kernel & initramfs is generally a much easier life with pygrub /
pvgrub2 / pvhgrub.

Cheers,
Andy
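
An added example, not part of the message above or of the Xen project's code: a dom0-side audit that classifies xl guest configs by boot method and lists the guests for which pygrub would open and parse a guest filesystem in dom0. The sample configs, their paths and the grub image filename pattern used to recognise pvgrub2/pvhgrub are assumptions constructed for illustration.

```python
import re

# Quoted string assignments in an xl guest config, e.g. bootloader = "pygrub"
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*["\']([^"\']*)["\']')

def parse_xl_cfg(text):
    """Collect quoted string settings; lists such as disk = [...] are skipped."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.split("#", 1)[0])  # assumes no '#' inside values
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def classify_boot(text):
    """Return 'pygrub', 'pvgrub', 'direct' or 'unknown' for one guest config."""
    cfg = parse_xl_cfg(text)
    bootloader = cfg.get("bootloader", "").rsplit("/", 1)[-1]
    kernel = cfg.get("kernel", "").rsplit("/", 1)[-1]
    if bootloader == "pygrub":
        return "pygrub"   # dom0 opens the guest block device and parses it
    if re.fullmatch(r"grub-.*xen.*\.bin", kernel):
        return "pvgrub"   # assumed naming of a grub image that runs in the guest
    if kernel:
        return "direct"   # kernel and ramdisk are files kept in dom0
    return "unknown"

def guests_using_pygrub(configs):
    """Names of config files whose guests are booted through pygrub."""
    return sorted(n for n, t in configs.items() if classify_boot(t) == "pygrub")

# Constructed sample configs (paths and names are illustrative only).
SAMPLES = {
    "web.cfg": 'name = "web"\nbootloader = "/usr/lib/xen/bin/pygrub"  # parsed in dom0\n'
               'disk = ["phy:/dev/vg0/web,xvda,w"]\n',
    "db.cfg": 'name = "db"\nkernel = "/usr/lib/grub-xen/grub-x86_64-xen.bin"\n',
    "dns.cfg": 'name = "dns"\nkernel = "/boot/vmlinuz-guest"\n'
               'ramdisk = "/boot/initrd-guest.img"\n',
    "old.cfg": "name = 'old'\n#bootloader = 'pygrub'\n",
}

if __name__ == "__main__":
    for fname, text in SAMPLES.items():
        print(f"{fname}: {classify_boot(text)}")
    print("review:", guests_using_pygrub(SAMPLES))
```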
