setting up a sabotage linux kvm guest



assuming the kvm host is up and running already

warning

we’re using a pre-built stage1 and kernel here, made available at https://lab.nethence.com/ & https://lab.nethence.com/nunux/ (might be outdated)

prepare vdisk

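# guest name; reused for the disk image, the libvirt domain and /etc/hostname
guest=sabotage

# working directory on the host; lala/ is the temporary mount point for the
# guest's root filesystem while it is being populated
mkdir -p -- "/data/guests/$guest/lala/"
cd -- "/data/guests/$guest/"

# 25G sparse qcow2, exposed to the host through the nbd driver; max_part makes
# the image's partitions appear as ${device}p1, ${device}p2 ... once created
qemu-img create -f qcow2 "$guest.qcow2" 25G
modprobe nbd max_part=8

#virsh list --all
#virsh destroy $guest
# nbd0 is assumed to be free; qemu-nbd refuses to attach to a busy device
device=/dev/nbd0
qemu-nbd --connect="$device" "$guest.qcow2"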

manual partitioning

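# interactive session: the keystrokes below create p1 as a 24G root partition
# (n, defaults, +24G) marked bootable (a 1), then p2 from the remaining space
# flagged as Linux swap (n, defaults, t 2, 82), and write the table (w)
fdisk "$device"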

n
ENTER
ENTER
ENTER
+24G

n
ENTER
ENTER
ENTER
ENTER
t 2
82 (Linux swap)

a 1

w

prepare system

create filesystems and swap space

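# root filesystem on p1, mounted on the work dir the stage1 tarball is unpacked into
mkfs.ext4 "${device}p1"
mount "${device}p1" lala/

# swap on p2 (referred to as /dev/vda2 from inside the guest, see fstab below)
mkswap "${device}p2"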

deploy core/stage1 binaries

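# pre-built stage1 rootfs; it is unpacked as root with -p, so the archive's
# modes (setuid bits included) and owners end up on the guest root as-is.
# the guide has no checksum for it -- verify against the publisher's value
# before extracting if one is available
stage1=sabotage-stage1.tar.gz
wget "https://lab.nethence.com/$stage1"
# sha256sum -c <<<"<SHA256 FROM PUBLISHER>  $stage1"   # placeholder, fill in if published
tar xzpSf "$stage1"
# note: * does not match dotfiles; if rmdir complains, check `ls -A sabotage/`
mv -f -- sabotage/* lala/
rmdir -- sabotage/
rm -f -- "$stage1"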

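# keep the shipped fstab for reference and write ours non-interactively (same
# style as the hosts and domain XML heredocs further down). root and swap are
# the two partitions created above, seen as /dev/vda1 and /dev/vda2 through
# virtio inside the guest; quoted EOF so nothing is expanded
mv -i lala/etc/fstab lala/etc/fstab.dist
cat > lala/etc/fstab <<'EOF'
# <file system> <dir>    <type>    <options>      <dump> <pass>

/dev/vda1         /      ext4      async,noatime,nodiratime 0 1
/dev/vda2         swap    swap      defaults        0      0

proc           /proc     proc      defaults     0      0
devpts       /dev/pts      devpts    defaults       0      0
shm         /dev/shm      tmpfs     nodev,nosuid    0      0
EOF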

note both ttyS0 and tty1 are enabled already

# just have a look: both getty services should already sit in the service dir
for tty in tty1 ttyS0; do
  ls -lF "lala/var/service/$tty"
done

get rid of the read-write check

# keep the original rc.boot (non-executable), drop its hotplug and hwclock
# lines into the live copy, then finish the edit by hand
orig=lala/etc/rc.boot.dist
mv -i lala/etc/rc.boot "$orig"
sed -e '/hotplug/d' -e '/hwclock/d' "$orig" > lala/etc/rc.boot
chmod -x "$orig"
chmod +x lala/etc/rc.boot
vi lala/etc/rc.boot

(search for rw= and get rid of the `/tmp/` write-test conditions)

# same treatment for rc.shutdown: keep the original, drop the hwclock line
orig=lala/etc/rc.shutdown.dist
mv -i lala/etc/rc.shutdown "$orig"
sed -e '/hwclock/d' "$orig" > lala/etc/rc.shutdown
chmod -x "$orig"
chmod +x lala/etc/rc.shutdown

# keep a copy of the shipped profile, then edit the live one (TZ below)
profile=lala/etc/profile
cp -pi "$profile" "$profile.dist"
vi "$profile"

# timezone picked up by login shells through /etc/profile; swap for Paris if needed
TZ=Europe/Moscow
#TZ=Europe/Paris

the default password is sabotage, but that’s already too complicated to remember – anyhow it might even be safer not to have a password at all, as long as you do not allow empty passwords

# keep a copy of shadow, then empty root's password field inside the chroot.
# an empty field is only "safer" while the guest's login programs reject
# empty passwords (see the note above) -- confirm that before the console
# or the network is reachable
shadow=lala/etc/shadow
ls -lF "$shadow"
cp -pi "$shadow" "$shadow.dist"
chroot lala/ passwd -d root
diff -bu "$shadow.dist" "$shadow"

grab pre-built kernel

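# pre-built domU kernel from a third party over https; the guide carries no
# signature or checksum for it -- verify against the publisher's value if
# one is provided. the version string is kept in one place.
kver=6.1.49.domU
base=https://lab.nethence.com/nunux
for ext in config vmlinuz modules.tar.gz; do
  wget "$base/$kver.$ext"
done

mv -i "$kver.config" lala/vmlinuz.config
mv -i "$kver.vmlinuz" lala/vmlinuz

# no modules required for that kernel - but just in case
mkdir -p lala/lib/modules/
tar xzf "$kver.modules.tar.gz" -C lala/lib/modules/
rm -f "$kver.modules.tar.gz"
# assumes the tarball unpacks into lib/modules/$kver -- check `ls lala/lib/modules/`
chroot lala/ depmod -a "$kver"

# nothing
cat lala/etc/rc.modules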

syslinux boot

warning on slackware - you’re probably fine with the official syslinux v4 against ext4, but for more advanced scenarios you might prefer syslinux-next (v6.04)

boot blocks

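# MBR boot code for the whole disk; pick the path matching the host distro
# debian
mbrbin=/usr/lib/syslinux/mbr/mbr.bin

# slackware (official or syslinux-next)
#mbrbin=/usr/share/syslinux/mbr.bin

# mbr.bin is 440 bytes, so the partition table at offset 446 is left alone.
# ${device:?} aborts instead of handing dd an empty of= target
dd if="$mbrbin" of="${device:?}"
mkdir -p lala/boot/syslinux/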

boot code

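# installs the ldlinux files into boot/syslinux and the boot sector of p1;
# --device is given explicitly since the filesystem sits on an nbd mapping
extlinux --install lala/boot/syslinux --device "${device}p1"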

boot config

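# boot config, written non-interactively (quoted EOF, nothing expanded).
# serial port 0 at 115200 plus tty1, matching the console= kernel args.
# append= carries mitigations=off: it disables the kernel's mitigations for
# speculative-execution CPU flaws inside the guest -- faster, but processes in
# the guest are then no longer isolated from each other by those fixes.
# drop it if anything untrusted is going to run in there.
cat > lala/boot/syslinux/syslinux.cfg <<'EOF'
serial 0 115200
console 1
nohalt 1

default linux
prompt 1
timeout 100

label linux
    linux /vmlinuz
    append root=/dev/vda1 ro console=tty1 console=ttyS0,115200n8 mitigations=off
EOF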

network setup

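# hostname and hosts; the heredoc expands $guest, so EOF stays unquoted
printf '%s\n' "$guest" > lala/etc/hostname
mv -i lala/etc/hosts lala/etc/hosts.dist
cat > lala/etc/hosts <<EOF
127.0.0.1       localhost.localdomain   localhost
::1      localhost.localdomain   localhost

127.0.0.1       $guest

EOF
# rc.local holds the static addressing (do_static_ip, if, ip, nm, gw); keep a
# copy of the shipped one and edit the live copy with the values below
cp -pi lala/etc/rc.local lala/etc/rc.local.dist
vi lala/etc/rc.local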

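# static addressing on the libvirt bridge (virbr0, 192.168.122.0/24 here).
# gw must be the router's address on that network -- 192.168.122.1 on
# libvirt's default network -- not 192.168.122.0, which is the network
# address itself and cannot be a next hop. adjust if your virbr0 uses
# another subnet. presumably rc.local turns gw into the default route.
do_static_ip=true

if=eth0
ip=192.168.122.9
nm=255.255.255.0
gw=192.168.122.1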

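# keep the shipped resolv.conf and write ours non-interactively. the OpenDNS
# resolvers are 208.67.222.222 and 208.67.220.220; the second address in the
# original (208.67.222.220) looked like a typo and was corrected here
mv -i lala/etc/resolv.conf lala/etc/resolv.conf.dist
cat > lala/etc/resolv.conf <<'EOF'
# opendns
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF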

finish-up

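du -sh lala/
# 254M on ext4

# unmount (only the root fs is mounted on lala/, -R is harmless) and release
# the nbd device before the image is handed over to libvirt
umount -R lala/
rmdir lala/
qemu-nbd --disconnect "$device"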

ready to go

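# check the emulator path used in the XML exists on this host
ls -lhF /usr/bin/qemu-system-x86_64
# domain XML: 1 vcpu, 1 GiB, q35, virtio disk and nic on virbr0, serial console
# on a pty (what virsh --console attaches to). $guest is expanded for the
# domain name and disk path, so EOF stays unquoted
cat > "$guest.xml" <<EOF
<domain type='kvm'>
  <name>$guest</name>
  <memory unit='GiB'>1</memory>
  <currentMemory unit='GiB'>1</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
    <boot dev='hd'/>
  </os>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/data/guests/$guest/$guest.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='bridge'>
      <source bridge='virbr0'/>
      <model type='virtio'/>
    </interface>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
    <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
  </devices>
  <features>
    <acpi/>
  </features>
  <pm>
    <suspend-to-disk enabled='yes'/>
    <suspend-to-mem enabled='yes'/>
  </pm>
</domain>
EOF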

and in case you need to debug booting on the crappy vga console, add this within the devices section:

    <graphics type='vnc' port='5900' sharePolicy='allow-exclusive'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
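virsh list --all
# transient domain started straight from the XML (not defined), attached to
# its serial console
virsh create "$guest.xml" --console

# debug: the optional vnc listener above binds to 127.0.0.1 only, so view it
# from the host itself (or through an ssh tunnel); do not widen the listen
# address without also configuring vnc authentication
xtightvncviewer localhost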

clean-up

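virsh destroy "$guest"
virsh list --all
# uses the guest variable from the top instead of a hard-coded name;
# ${guest:?} refuses to run with an empty name (would otherwise hit /data/guests//)
rm -rf -- "/data/guests/${guest:?}/"
# presumably left over from the efi variant of this guide
rm -rf -- /data/guests/sabotage-efi/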

Licensed under MIT