>This is pretty surprising. When a domU is actually running, dom0 isn't
>really involved (other than for IO), so it's surprising grsec makes a
>difference.

>Do you get any console output from the guest before it crashes? I'm
>wondering if it's actually been built incorrectly by the domain builder
>running in dom0.

I don't get any output from the guest console at all. If I do something
like 'xm create -c test-domu' I get 'Started domain test-domu', followed
by a newline, and then Dom0's command prompt. 'xm list' then shows the
domain as crashed.

Does the domain builder reside in the Dom0 kernel or is it a separate
user space program? If it is a separate user space program, does it
'borrow' any code or interfaces from the kernel source or xen-sparse
tree? The grsecurity patches modify this code, and the non-grsec Dom0
referenced earlier was built from a non-patched Xen tree.

>Are you using a debug build of Xen? You may get some more helpful
>output.

I'm not using a debug build. Do I just enable kernel debugging in the
kernel .config or do I need to build Xen with options so the hypervisor
itself gets debug info? Like CFLAGS='-DDEBUG' make world?

Thanks for taking an interest,

John A.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

"John Anderson" <johnha@ccbill.com> writes:>>This is pretty surprising. When a domU is actually running, dom0 isn''t >>really involved (other than for IO), so its surprising grsec makes a >>difference. > >>Do you get any console output from the guest before it crashes? I''m >>wandering if its actually been built incorrectly by the domain builder >>running in dom0. > > I don''t get any output from the guest console at all. If I do something > like ''xm create -c test-domu'' I get ''Started domain test-domu'', followed > by a newline, and then Dom0''s command prompt. ''xm list'' then shows the > domain as crashed. > > Does the domain builder reside in the Dom0 kernel or is it a separate > user space program? If it is a separate user space program, does it > ''borrow'' any code or interfaces from the kernel source or xen-sparse > tree? The grsecurity patches modify this code, and the non-grsec Dom0 > referenced earlier was built from a non-patched Xen tree.It resides mostly in tools/libxc I believe. If you set "(loglevel DEBUG)" in /etc/xen/xend-config.sxp then you will get a logfile in /var/log/xen from the domain builder detailing the memory setup in creates before starting the kernel. Maybe you can spot something there. MfG Goswin _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
> Does the domain builder reside in the Dom0 kernel or is it a separate
> user space program?

It's a user space program.

> If it is a separate user space program, does it
> 'borrow' any code or interfaces from the kernel source or xen-sparse
> tree? The grsecurity patches modify this code, and the non-grsec Dom0
> referenced earlier was built from a non-patched Xen tree.

It will be using xen headers, plus making use of some of the
/proc/xen/privcmd ioctls.

> >Are you using a debug build of Xen? You may get some more helpful
> >output.
>
> I'm not using a debug build. Do I just enable kernel debugging in the
> kernel .config or do I need to build Xen with options so the hypervisor
> itself gets debug info? Like CFLAGS='-DDEBUG' make world?

Edit Rules.mk and rebuild xen.

Ian

>
> Thanks for taking an interest,
>
> John A.