cstrap

cstrap

[Jacob Gorm Hansen]

hi,

I've released the latest source for 'cstrap' which is a minimal guest
domain that is able to decode a special type of ramdisk containing a
Linux ELF image, and cmdline and memory information.

The source is available at www.diku.dk/~jacobg/cstrap.tar.gz

You need to unpack it in your xen checkout, the you will get the
directories extras/cstrap and tools/migrate.

To build;

$ cd extras/mstrap
$ jam

(you need to have jam installed, in debian or gentoo just apt-get
install jam / emerge jam).

That will give you the files cstrap and linux_loader, in the 'build'
directory at the toplevel.

in tools/migrate is a small tool called pack.c, which creates the input
ramdisk from linux_loader, a kernel image (uncompressed), and an
optional ramdisk. Currently you will need to edit and compile that
yourself, with

$ cc -o pack pack.c

You then create a domain from cstrap using xm create or vm-tools, and
you need to make sure is has room to expand its reservation with 16 megs
(I needed to hack vm-create to be allowed to specify this at domain
creation time, the exact amount can be changed in pack.c) and
specifiying the output of pack.c as the initial ramdisk image.

The new cstrap guest VM will then start up, decode the linux ELF from
its ramdisk, and turn over control. If everything is working, you now
have a normal, running Linux VM.

The reason you may want this is that

a) you don't need to worry about ELF parsing attacks on dom0, and
b) you can write arbitrary untrusted guest loaders (builders) without
changing software in dom0.

Jacob

Re: cstrap

[Grzegorz Milos]

Ok, it looks like you are working with testing. Right? I've traced removal of 
MAX_CMDLINE to a changset on 8th of June. While your post is from 11th. Which 
means that you would already have to take the name change into account. 

Do you happen to have sources for unstable?
Thanks
Gregor

> hi,
>
> I've released the latest source for 'cstrap' which is a minimal guest
> domain that is able to decode a special type of ramdisk containing a
> Linux ELF image, and cmdline and memory information.
>
> The source is available at www.diku.dk/~jacobg/cstrap.tar.gz
>
> You need to unpack it in your xen checkout, the you will get the
> directories extras/cstrap and tools/migrate.
>
> To build;
>
> $ cd extras/mstrap
> $ jam
>
> (you need to have jam installed, in debian or gentoo just apt-get
> install jam / emerge jam).
>
> That will give you the files cstrap and linux_loader, in the 'build'
> directory at the toplevel.
>
> in tools/migrate is a small tool called pack.c, which creates the input
> ramdisk from linux_loader, a kernel image (uncompressed), and an
> optional ramdisk. Currently you will need to edit and compile that
> yourself, with
>
> $ cc -o pack pack.c
>
> You then create a domain from cstrap using xm create or vm-tools, and
> you need to make sure is has room to expand its reservation with 16 megs
> (I needed to hack vm-create to be allowed to specify this at domain
> creation time, the exact amount can be changed in pack.c) and
> specifiying the output of pack.c as the initial ramdisk image.
>
> The new cstrap guest VM will then start up, decode the linux ELF from
> its ramdisk, and turn over control. If everything is working, you now
> have a normal, running Linux VM.
>
> The reason you may want this is that
>
> a) you don't need to worry about ELF parsing attacks on dom0, and
> b) you can write arbitrary untrusted guest loaders (builders) without
> changing software in dom0.
>
> Jacob
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

-- 
Quidquid latine dictum sit, altum viditur --- Anon