• Cloud Servers

    • Server Range

      Mammoth have a range of server solutions suitable for all types of web applications, large and small.

      Mammoth Cloud servers can be upgraded or downgraded at any time, providing almost unlimited growth potential.

       

      Whether you are running a small Wordpress blog, or a large Magento e-commerce platform, Mammoth has a solution suitable for your business - now, and in the future.

    • Windows Cloud VPS

      Choose from Windows 2012 R2 or Windows 2008 R2 and connect via Remote Desktop (RDP) after deployment.

      from$45/month
      Windows VPS Plans

    • Linux Cloud VPS

      Deploy your VPS in 60 seconds. Choose from CentOS, Debian, or Ubuntu and connect via SSH after deployment.

      from$25/month
      Linux VPS Plans

    • cPanel Cloud VPS

      Our cPanel cloud servers come pre-installed, just connect to the WHM web interface after deployment.

      from$70/month
      cPanel VPS Plans
  • Virtual Private Cloud
  • Server Management
  • Support
 

Using PV-GRUB to boot guests on Ubuntu Xen host

Friday, July 26, 2013

PV-GRUB (or PvGrub) is an under-advertised feature of Xen for booting para-virtualized Linux guests. It performs the same role as the more prominent PyGrub, reading /boot/grub/menu.lst from the guest's disk and then booting with the appropriate kernel and initrd.

Where they differ is that PyGrub reads this data from within a Dom0 process before the guest has started, providing a potential window for exploit by a malicious guest. PvGrub on the other hand, is utilised as the guest's kernel directly; once the guest boots PvGrub then chainloads into the guest's kernel in a similar mechanism to a regular Grub installation. As such, PvGrub is an excellent tool for commercial Xen providers who must protect their hosts against potential attacks from clients.

Unfortunately Ubuntu (and Debian) do not distribute PvGrub as part of their xen installation; as this was first reported as a bug over two years ago its safe to assume that its not likely to be fixed any time soon. While it is possible to build from source, because PvGrub is a bootable kernel it has no dependencies and can be copied as-is from another distribution.

A good source for this is Gitco, a Xen repository for CentOS 5.x . The process is simple enough - download the .rpm , extract its contents, and copy the PvGrub files into place. In the example below I have used Xen 4.1.2, the version that shipped with Ubuntu 12.04 LTS:

# Create a working area
mkdir /root/pvgrub ; cd /root/pvgrub
# Download Xen from gitco
wget http://www.gitco.de/repo/xen4.1.2/xen-4.1.2-2.el5.x86_64.rpm
# Install required tool to extract the .rpm contents
apt-get install -y rpm2cpio </dev/null
rpm2cpio xen-*.rpm | cpio -idm
# Copy PvGrub into place
mv usr/lib/xen/boot/pv* /usr/lib/xen-4.1/boot
# Cleanup
cd ; rm -rf /root/pvgrub

With PvGrub in place, its just a matter of updating the guest's Xen configuration appropriately - for example:

kernel = "/usr/lib/xen-4.1/boot/pv-grub-x86_32.gz"
extra = "(hd0,0)/grub/menu.lst"

Linux guests can now control the kernel they boot with, at no risk to the host.


By Nathan O'Sullivan

Post a comment
Preload Preload Preload