Re: Building domains as a lesser user (was Re: boot loaders for domain != 0)

[Anthony Liguori <anthony@codemonkey.ws>]

Ian Pratt wrote:

>One fairly simple option is to use Linux as a domU boot loader. Boot
>with an intrd, 
>mount the specified filesystem, read off grub.conf, display a menu over
>the xencons, kexec the appropriate kernel.
>
>I'd have to think through whether kexec would need modifications, but I
>believe it uses the same 32 bit kernel entry point that xen/linux does
>(no grubby 16bit nastiness). 
>  
>
Yeah, I think kexec would work but unfortunately it's not part of the 
kernel yet.  It could be folded into Xen but I agree with Jeremy that it 
seems like overkill.  Boot through Linux just to get to a grub screen 
seems a little strange too.

Jacob's two-stage approach would work although it requires a lot of 
custom code.  It also makes it pretty difficult to support new types of 
loaders.  And you still have a point of failure with that "trusted" 
loader.  I don't think you ever really see a graphical boot using this 
approach either.  Getting a system going with xlibs working would 
basically put you back at the kexec() solution.

I've got the user-space boot loader working quite nicely.  I want to 
test at the systems in the office though so I'll post it sometime 
tomorrow.  In the very least, it can be used a data point.  It seems 
like a very appealing solution if the security concerns can be addressed.

Regards,

Anthony Liguori
anthony@codemonkey.ws



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl