Hi all,

We're considering dropping support for the "qemu-traditional" stubdomain in
Qubes R4.1. The qemu-traditional is a very old fork of qemu, semi-maintained
by Xen, but in practice receiving very little attention. Maintaining a
working stubdomain with it, although theoretically supported upstream,
requires a significant number of patches (for example to have PCI
passthrough working).

Since Qubes R4.0, the default stubdomain implementation uses upstream
qemu in a Linux-based stubdomain. This is a thing still not available in
upstream Xen, but I'm working on it.
The nice thing about this stubdomain implementation is an actually
maintained qemu version, including security-related features like
running it sandboxed with seccomp (in addition to PV stubdomain). The
bad thing is a larger memory footprint (~150MB compared to ~40MB).
A stubdomain is needed only for HVM domains, so basically any non-Linux
VM, plus VMs with PCI devices (until PVH domains get PCI
passthrough support).

One reason to keep qemu-traditional support, besides lower memory usage,
is running a VM which was installed with it. Some systems (like Windows)
may not like switching to a newer stubdomain without reinstallation, as
such a switch will change what devices are emulated (different disk
controller, different chipset etc). But I'm not sure if that's important
enough, especially since Qubes Windows Tools for R4.0 in practice also
means Windows reinstallation in many cases (it is quite complex to
update them in place, or uninstall the old one without breaking the VM).

In Qubes R4.0 it's possible to choose stubdomain version:

- the new one (default):

    qvm-features -D VMNAME linux-stubdom

- the old one:

    qvm-features VMNAME linux-stubdom ''

The old one is automatically set when restoring an HVM backup from Qubes
3.2 or older. If you have such a VM, you can try switching to the new
stubdomain and see how it works.

Any opinions?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?