
Re: who performs a domU fsck?


  • To: xen-users@xxxxxxxxxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Tue, 18 Mar 2025 11:22:19 +0000
  • Delivery-date: Tue, 18 Mar 2025 11:22:46 +0000
  • List-id: Xen user discussion <xen-users.lists.xenproject.org>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

Hi,

On Tue, Mar 18, 2025 at 11:00:05AM +0000, Klaus Darilion wrote:
> You could do the fsck for the domU block device manually. Just shut
> down the domU, and then in the dom0 run fsck on the logical volume
> used for the VM.

This is fraught with danger.

For a start, domU and dom0 may not be running the same version of the
filesystem, which can in extreme cases lead to damage or just a refusal
to run an old fsck on a version of the fs that it doesn't understand
(incompatible feature flags).

Next up, no Linux in-kernel filesystem guarantees to be secure against
crafted data, i.e. there is no promise that a domU block device does not
contain something that causes the hackers to be in your Gibson when you
run fsck on it from the dom0 (or mount it, even read-only).

Generally, all domU filesystem operations should be done in domU
context, which is a major reason why we don't use pygrub any more.
Obviously if you are the person running both the domU and the dom0 then
you're probably not trying to compromise yourself, but the risk of bad
interaction is too high, so it's still a last resort.

Regarding OP's question, domU should see dom0 crash like an abrupt
poweroff and do a fsck on boot like any other Linux does. Mine do. The
domU logs should confirm this. Mine do.

Thanks,
Andy
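
The feature-flag mismatch described in the message above, as an added example that is not part of the original post: it decodes the INCOMPAT feature word of an ext4 superblock and lists the bits a checking tool does not know. It assumes an ext4 guest (the thread names no filesystem), runs only on a constructed in-memory image, and the `OLD_DOM0_TOOL` mask is a made-up stand-in for an older fsck.

```python
import struct

SB_OFFSET = 1024    # the ext2/3/4 primary superblock starts 1024 bytes in
EXT_MAGIC = 0xEF53  # s_magic, little-endian u16 at superblock offset 0x38

# Names of ext4 INCOMPAT feature bits (s_feature_incompat, u32 at offset 0x60).
INCOMPAT = {
    0x0002: "filetype", 0x0004: "needs_recovery", 0x0040: "extent",
    0x0080: "64bit", 0x0200: "flex_bg", 0x2000: "metadata_csum_seed",
    0x4000: "large_dir", 0x8000: "inline_data", 0x10000: "encrypt",
    0x20000: "casefold",
}

def read_incompat(image: bytes) -> int:
    """Return the INCOMPAT feature word, touching only fixed-offset fields."""
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 0x68:
        raise ValueError("image too short to hold a superblock")
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT_MAGIC:
        raise ValueError("not an ext2/3/4 superblock")
    (incompat,) = struct.unpack_from("<I", sb, 0x60)
    return incompat

def unsupported(incompat: int, tool_mask: int) -> list[str]:
    """Name every INCOMPAT bit set on disk that the tool's mask lacks."""
    unknown = incompat & ~tool_mask
    return [INCOMPAT.get(1 << b, f"unknown_bit_{b}")
            for b in range(32) if (unknown >> b) & 1]

def make_image(incompat: int) -> bytes:
    """Build a constructed 2 KiB image holding only magic and feature word."""
    img = bytearray(2048)
    struct.pack_into("<H", img, SB_OFFSET + 0x38, EXT_MAGIC)
    struct.pack_into("<I", img, SB_OFFSET + 0x60, incompat)
    return bytes(img)

# Constructed guest: filetype | extent | 64bit | flex_bg | casefold
GUEST = make_image(0x2 | 0x40 | 0x80 | 0x200 | 0x20000)
# Assumed mask for an older dom0 tool that predates casefold
OLD_DOM0_TOOL = 0x2 | 0x4 | 0x40 | 0x80 | 0x200

if __name__ == "__main__":
    missing = unsupported(read_incompat(GUEST), OLD_DOM0_TOOL)
    print("tool must refuse; unsupported features:", missing)
```

Any bit left over in the INCOMPAT word means the tool cannot interpret the on-disk layout, which is the refusal case the message mentions.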
