Much of the discussion within the open source community about Linux virtualization has revolved
around the hypervisor, Xen. A hypervisor is a virtual machine monitor that allows you to run guest
operating systems on top of your host. In simple terms this means that you can run a Windows
virtual machine or NetBSD virtual machine on top of a Red Hat, Debian, or other Linux platform.
But the mainline kernel has been slow to adopt Xen (torturously slow), and the main Xen patches
were only merged in the as-yet-unreleased 2.6.23 kernel.
Recently, two new hypervisors, lguest and KVM, were introduced to the Linux kernel community.
Both projects are in their infancy compared to Xen and occupy a small niche in the virtualization
space. But rapid development is underway in both projects and this could mean some interesting
diversification and developments in Linux virtualization. In this tip we'll take a closer look at
lguest and see how it works.
What is lguest?
The lguest project, developed by Rusty Russell of iptables fame, is a simple virtualization
project. It allows the full virtualization of guest kernels. Currently only the Linux kernel itself
is supported as a guest, on stock x86 hardware. Support for 64-bit and SMP is also planned. Like
Xen, lguest will debut in the mainline kernel in release 2.6.23.
At about 5000 lines of code, lguest is very compact but feature-poor when compared
At present lguest is a little awkward to use and not yet production-ready. You can currently
only run Linux kernels with lguest support as guests (so only 2.6.23+ kernels), and there are no
fancy user-space tools to manage guests, let alone GUI-based management consoles.
Now, let's get lguest up and running. This assumes you understand how to re-compile your own
kernel (thus I recommend you do this in a test environment rather than on a production
First, download the latest kernel source, which at the time of writing was 2.6.23-rc3. Then
compile your kernel.
$ tar -zxf linux-2.6.23-rc3.tar.gz
$ cd linux-2.6.23-rc3
$ make mrproper
$ make menuconfig
You will need to ensure you set the following options:
CONFIG_HIGHMEM64G=n ("High Memory Support" "64GB")
CONFIG_TUN=m ("Universal TUN/TAP device driver support")
CONFIG_EXPERIMENTAL=y ("Prompt for development and/or incomplete code/drivers")
CONFIG_PARAVIRT=y ("Paravirtualization support (EXPERIMENTAL)")
CONFIG_LGUEST=m ("Linux hypervisor example code")
CONFIG_HZ=100 ("Timer frequency")
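Before running make, it is worth confirming that menuconfig actually wrote these values, because Kconfig records a disabled option as "# CONFIG_FOO is not set" rather than CONFIG_FOO=n. The script below is an added example, not part of the original tip or the kernel tree. The function names config_value and check_lguest_config and the sample .config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a kernel .config against the options listed in this tip.
# Required values, exactly as the article gives them.
LGUEST_REQUIRED='CONFIG_HIGHMEM64G=n
CONFIG_TUN=m
CONFIG_EXPERIMENTAL=y
CONFIG_PARAVIRT=y
CONFIG_LGUEST=m
CONFIG_HZ=100'

# config_value FILE OPTION: print the option's effective value.
# A disabled option appears as "# CONFIG_FOO is not set" or is absent,
# never as CONFIG_FOO=n, so both cases are reported as "n".
config_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# check_lguest_config FILE: print each mismatch; exit status = mismatch count.
check_lguest_config() {
    cfg=$1
    bad=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 255; }
    for pair in $LGUEST_REQUIRED; do
        opt=${pair%%=*}
        want=${pair#*=}
        have=$(config_value "$cfg" "$opt")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $opt: want $want, have $have"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample .config fragment (not from a real build): HZ is wrong.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CONFIG_HIGHMEM64G is not set
CONFIG_TUN=m
CONFIG_EXPERIMENTAL=y
CONFIG_PARAVIRT=y
CONFIG_LGUEST=m
CONFIG_HZ=250
EOF
check_lguest_config "$sample" || echo "$? option(s) need fixing"
rm -f "$sample"
```

To use it for real, call check_lguest_config with the path to the .config in your build tree before you run make.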
Make and install your kernel:
$ make
$ sudo make modules_install install
Install the new kernel, update your boot loader, and reboot.
Rather than compiling your kernel manually, you may wish to use your distribution's kernel
installation mechanism (for example, make-kpkg on Debian and Ubuntu).
Now you need to compile the user-space lguest tool. It comes with the kernel source package and
is located in the Documentation/lguest directory.
$ cd linux-2.6.23-rc3/Documentation/lguest
$ make O=yourkernelbuildtree
Install the lguest binary somewhere appropriate on your host.
To enable lguest support you just need to modprobe the lg module:
# modprobe lg
You should see something like the following message in your syslog output, indicating that the
module has loaded correctly.
Aug 30 22:46:05 debian kernel: lguest: mapped switcher at ffc00000
Next we need a root disk image. You can either download one, such as http://xm-test.xensource.com/ramdisks/initrd-1.1-i386.img,
or make one from a distribution ISO using a tool like debootstrap.
Russell also suggests using a distribution ISO, installing it under QEMU, and cloning it to make
Now you can launch lguest using the lguest binary (running it as root):
# lguest 64m /boot/vmlinuz --tunnet=bridge:br0 --initrd=/boot/initrd.img-2.6.23-rc3 --block=rootfile root=/etc/lgba
Let's have a look at this command line. The first option, 64m, is the memory allocated for the
guest. Then we specify the kernel itself, which is vmlinux. Next, we specify networking; in this
case we've bridged an interface, br0 (you can read about bridging at http://linux-net.osdl.org/index.php/Bridge.)
You can use a variety of methods to get network access for guests. These are detailed in the lguest
We've also specified the initrd, the root file, and the boot options. The initial ramdisk file is
specified using the --initrd option and the root file using the --block option (the root file will
become /dev/lgba in the guest). The root= argument provides the kernel boot options, in this case
the instantiation of our root file, /etc/lgba.
And that's it! You've launched lguest and initiated your first guest.
Keep in mind that lguest is very new and you will probably stumble across one or two bugs. You
may also find that some features are not available at the moment. But lguest is a very fast and
easy way to get started with virtualization and you will be certain to see and hear more about it
when the 2.6.23 kernel is released and more widely implemented.
You can read more about lguest, including some further documentation and a mailing list, at http://lguest.ozlabs.org/lguest.txt.
About the author: James Turnbull is the author of Hardening Linux and a security
consultant at the Commonwealth Bank of Australia. He is also the resident security
expert for SearchEnterpriseLinux.com.
This was first published in September 2007