On 14.01.26 09:20, Alexandre GRIVEAUX wrote:
Le 14/01/2026 à 08:43, Jürgen Groß a écrit :Yes. This is why I don't like the wording "inside guest", which is just not true.Before wasting more time for that side, there is chroot with bind-mount of DomU FS. Rephrasing like this should be more than enough: # Enable to use a grub2 emulation boot instead of direct kernel boot.Please be aware that we are trying to phase out pygrub, as it widens the attack surface of dom0 from a guest. pygrub needs to look into guest controlled file systems, so any bug in the related code (e.g. failure to handle a corrupted or maliciously modified file system) might result in security issues like code injection.Effectively, if pygrub is on verge of being phased out, there is not need for this patch...
:-)
But could you point me to the discussion of alternatives ? As pygrub allow a more easy management...
Oh, the fun of selecting the grub variant. :-) There are: - pygrub as discussed already - grub-pv (32- and 64-bit) and grub-pvh: official flavors of grub2 for PV and PVH guests, selected by specifying them as the kernel to boot, running in domU context - pvgrub (32- and 64-bit): legacy grub 0.97 variants based on Mini-OS for PV guests, selected by specifying them as the kernel to boot, running in domU context
Should this be noted to the wiki ?
Yes. Documentation should really be enhanced.
So I'm on the edge whether we really should make it easier to use pygrub.Legit, Should patch subject need to be [RFC PATCH] ?
No, I don't think so. Others might have other opinions than me regarding pygrub. Juergen
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
