Document potential need for the vsyscall=emulate kernel commandline option
@@ -130,6 +130,19 @@ users via a login shell you can have a look at the (currently
|
||||
unmaintained) [xen-shell](https://xen-tools.org/software/xen-shell/)
|
||||
project.
|
||||
|
||||
### Caveats
|
||||
|
||||
For security reasons (avoid risk to circumvent ASLR), recent kernels
|
||||
have disabled the `vsyscall` mapping. Unfortunately older
|
||||
distributions don't run and hence can't be bootstrapped without it.
|
||||
|
||||
To enable trapping and enabling emulate calls into the fixed
|
||||
vsyscall address mapping and hence to run and bootstrap older Linux
|
||||
distributions in a chroot (as xen-tools does), you need to add
|
||||
`vsyscall=emulate` to the kernel commandline, e.g. by adding it to
|
||||
`GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, then running
|
||||
`update-grub` afterwards and finally reboot.
|
||||
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
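Review bot: The new text under "### Caveats" tells the reader to add `vsyscall=emulate` but never says that this undoes the hardening named in its own first sentence, or which kernel it applies to. Since the paragraph gives ASLR circumvention as the reason the mapping was disabled, it should state that the option goes on the command line of the host kernel on which the chroot bootstrap runs, and that it brings back a fixed-address mapping for every process on that host, so it is best removed again once no affected distribution needs to be bootstrapped. Naming the affected kernel versions and distributions instead of "recent" and "older" would also let readers tell whether the caveat applies to them.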
@@ -55,6 +55,10 @@ Bugs to fix and features to add for 5.0
|
||||
`xen-create-image` first. Which probably both would be a good
|
||||
idea.
|
||||
|
||||
* Maybe check for `vsyscall=emulate` in `GRUB_CMDLINE_LINUX_DEFAULT`
|
||||
in `/etc/default/grub` if trying to install an affected Linux
|
||||
distribution.
|
||||
|
||||
Stuff from Steve's TODO list / Generic TODOs
|
||||
--------------------------------------------
|
||||
|
||||
|
||||
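Review bot: The check proposed in the added TODO item reads `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, which shows what is configured, not what the running kernel was booted with. The file can already contain the option while `update-grub` or the reboot is still pending, and a host that was not booted through that GRUB entry would be misjudged either way. Consider wording the item as a check of the running kernel's command line (`/proc/cmdline`), with the grub file mentioned only in the hint on how to fix it.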
15
debian/NEWS
vendored
@@ -1,3 +1,18 @@
|
||||
xen-tools (4.8-1) unstable; urgency=medium
|
||||
|
||||
For security reasons (avoid risk to circumvent ASLR), recent
|
||||
kernels have disabled the vsyscall mapping. Unfortunately older
|
||||
distributions don't run and hence can't be bootstrapped without it.
|
||||
|
||||
To enable trapping and enabling emulate calls into the fixed
|
||||
vsyscall address mapping and hence to run and bootstrap older Linux
|
||||
distributions in a chroot (as xen-tools does), you need to add
|
||||
"vsyscall=emulate" to the kernel commandline, e.g. by adding it to
|
||||
GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, then running
|
||||
"update-grub" afterwards and finally reboot.
|
||||
|
||||
-- Axel Beckert <abe@debian.org> Thu, 07 Feb 2019 17:40:03 +0100
|
||||
|
||||
xen-tools (4.4~beta1-1) unstable; urgency=low
|
||||
|
||||
* Exported environment variables no more contain dashes ("-"). Dashes in
|
||||
|
||||
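Review bot: The sentence starting "To enable trapping and enabling emulate calls" in the second paragraph of the new NEWS entry is garbled, and this is the text users are shown on upgrade. Something like "To have the kernel trap and emulate calls into the fixed vsyscall address mapping, and hence to run and bootstrap older Linux distributions in a chroot" reads cleanly, and "and finally reboot" should be "and finally rebooting" to match "adding" and "running". The same wording appears in the README hunk and should be fixed there as well.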
2
debian/changelog
vendored
@@ -56,6 +56,8 @@ xen-tools (4.8-1) UNRELEASED; urgency=medium
|
||||
xen-tools package also on older Debian or Ubuntu releases.
|
||||
* Suggest grub-xen-host despite the proper support for it is not
|
||||
finished.
|
||||
* Add a note about "vsyscall=emulate" and older Linux distributions to
|
||||
debian/NEWS. Thanks to James Clarke and Jason Crain for the hint!
|
||||
|
||||
[ Jelmer Vernooij ]
|
||||
* Trim trailing whitespace from debian/changelog. (GH #54)
|
||||
|
||||