[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 1/4] tools/hotplug: remove SELinux options from var-lib-xenstored.mount



Using SELinux mount options per default breaks several systems. Either
the context= mount option is not known at all to the kernel, or the
default value "none" is unknown to SELinux. In both cases the unit will
fail.

The proper place to specify mount options is /etc/fstab. Appearently
systemd is kind enough to use values from there even if Options= or
What= is specified in a .mount file.

Remove XENSTORED_MOUNT_CTX, the reference to a non-existant
EnvironmentFile and trim default Options= for the mount point.

The removed code was first mentioned in the patch referenced below, with
the following description:
...
 * Some systems define the selinux context in the systemd Option for the
   /var/lib/xenstored tmpfs:
       Options=mode=755,context="system_u:object_r:xenstored_var_lib_t:s0"
   For the upstream version we remove that and let systems specify the context
   on their system /etc/default/xenstored or /etc/sysconfig/xenstored
   $XENSTORED_MOUNT_CTX variable
...
It is nowhere stated (on xen-devel) what "Some systems" means, which is
unfortunately common practice in nearly all opensource projects.
http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg02462.html

Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Cc: M A Young <m.a.young@xxxxxxxxxxxx>
Cc: Luis R. Rodriguez <mcgrof@xxxxxxxxxxxxxxxx>
---
 tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in 
b/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
index d5e04db..11a7d50 100644
--- a/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
+++ b/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
@@ -6,9 +6,7 @@ ConditionPathExists=/proc/xen/capabilities
 RefuseManualStop=true
 
 [Mount]
-Environment=XENSTORED_MOUNT_CTX=none
-EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xenstored
 What=xenstore
 Where=@XEN_LIB_STORED@
 Type=tmpfs
-Options=mode=755,context="$XENSTORED_MOUNT_CTX"
+Options=mode=755

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.