Lguest: Frequently Asked Questions
- Q: Lguest stops after "Starting periodic command scheduler: crond."
- A: You need to edit your image to tell it to run a getty on
/dev/hvc0 (the lguest console). This is usually in /etc/inittab or
/etc/event.d/.
- Q: hwclock segmentation faults!
- A: This is normal: hwclock tries to program the hardware clock which it
can't reach, and fails.
- Q: What kernel is lguest in?
- A: It is 2.6.23 and above.
- Q: Why don't I have a console when I boot my image?
- A: Most images are set up to run gettys on the virtual consoles
(/dev/tty0 etc), but the lguest console is /dev/hvc0: look for a line like
"1:2345:respawn:/sbin/getty 38400 tty1" in /etc/inittab and change "tty1"
to "hvc0".
- Q: Is the guest isolated from the host?
- A: Lguest aims to isolate the guest so it cannot reach outside to the
host (except through the virtual devices supplied by the host, of course),
even if the guest is malicious. However, a malicious guest kernel can
currently pin host memory (up to the amount of memory allowed to the
guest).
- Q: Is lguest secure?
- A: I hope so and it's fairly simple, but there can be no
guarantees. If isolation fails in some way (i.e. there are bugs)
it's possible that the guest could crash the host kernel, or even
cause an overflow. A bug in device emulation might allow the guest
to control the launcher, which runs as root. A little more security
could be gained by having the launcher drop root privileges after
opening /dev/lguest and the tun/tap device.
- Q: What's the difference between lguest and
KVM?
- A: KVM requires hardware virtualization support (Intel VT-x or AMD-V;
most recent Intel and AMD chips have it), but it can run almost any
Operating System since it does full virtualization. It also has 64-bit
support. Lguest doesn't do full virtualization: it only runs a Linux
kernel with lguest support.
- Q: What's the difference between lguest and
Xen?
- A: Xen is similar, in that it doesn't need hardware virtualization
support (although it can use it), but Xen supports an extensive range of
features such as PAE (i.e. lots of memory), SMP guests and 64-bit. You have
to boot your kernel under the Xen hypervisor; you can't simply modprobe
when you want to create a guest.
- Q: What's the difference between lguest and
User Mode Linux?
- A: User Mode Linux is a port of Linux to userspace: guests are
specially-compiled "UML" kernels. They run on just about any host, and
do not require VT support. lguest uses the same kernel image (compiled
with CONFIG_LGUEST) as host and guest.
- Q: Why would I want to use lguest?
- A: Maybe you don't! Lguest is designed to be simple to use and modify,
with the aim of keeping the codebase small. Currently it's around 5000
lines including userspace utility, whereas kvm is over 10 times that
size, and Xen is around 10 times bigger again (of course, both have far
more features).
- Q: Would lguest be good for running CPU-intensive virtualized jobs in a
cluster?
- A: Once suspend and resume are implemented, it could be a decent fit.
You could then migrate jobs around to balance load. Unfortunately,
migration can be hard for reasons not specific to lguest (TCP
connections, filesystems), so it might not be trivial depending on what
you're doing.
Rusty Russell: rusty@rustcorp.com.au.