
Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5



On Mon, Dec 22, 2014 at 09:06:40AM +0100, Olaf Hering wrote:
> On Fri, Dec 19, Konrad Rzeszutek Wilk wrote:
> 
> > On Fri, Dec 19, 2014 at 12:25:26PM +0100, Olaf Hering wrote:
> > > This is a resend of these two series:
> > > http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00858.html
> > > http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00669.html
> > > 
> > > New in v3 is a wrapper to run xenstored. See its patch description
> > > for details.
> > > 
> > > Patch 2-6 should be applied for 4.5.0.
> > > 
> > > The first and the last one still has issues with xenstored and
> > > SELinux. See below.  Up to now no solution is known to me.
> > > 
> > > 
> > > The first patch fixes Arch Linux and does not break anything.  As such
> > > it should be safe to be applied for 4.5.0.  SELinux users (who build
> > > from source) should put their special mount options into fstab. Distro
> > 
> > Could you elaborate what that is? As in what is that 'special mount 
> > options'?
> 
> The context= mount option, about which we argue since a few weeks?

You said 'special mount options into fstab' ? Is that the same as 'context='??
(checks the manpage) AHA, it is!


In which case would it be enough just to say that this needs to be added as
a workaround:

xenstored /var/lib/xenstored xenstored context="system_u:object_r:xenstored_var_lib_t:s0" 1 1

> See patch #1.
> 
> > > packages will most likely include a proper .service file.
> > > 
> > > 
> > > The last patch addresses the XENSTORED_TRACE issue. But SELinux will
> > > most likely still not work.
> > > 
> > > Possible ways to handle launching xenstored and SELinux:
> > > 
> > > - do nothing
> > >   pro: - no Xen source changes required
> > >   con: - possible unhappy users who build from source and still have
> > >          SELinux enabled
> > 
> > At this stage I prefer this and just have in the release notes the
> > work-around documented.
> 
> Which workaround is that? No SELinux on Fedora?

That is not an option.

The workaround is to document what the 'context' is .. or whatever
else is needed to make this work.

> 
> Olaf

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
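
One way to check that a host's fstab carries the context= workaround discussed in the message above. This is an added example, not part of the thread or of the Xen tree; the function names are hypothetical, the expected label is copied from the fstab line in the message, and the sample fstab is constructed.

```shell
#!/bin/sh
# Label copied from the fstab line quoted in the message.
EXPECTED_CTX='system_u:object_r:xenstored_var_lib_t:s0'

# fstab_context MOUNTPOINT [FSTAB]   (hypothetical helper)
# Prints the context= value of the fstab entry for MOUNTPOINT.
# Returns 0 if found, 1 if the entry has no context=, 2 if there is no entry.
fstab_context() {
    awk -v mnt="$1" '
        /^[ \t]*#/ || NF == 0 { next }       # comments and blank lines
        $2 != mnt             { next }
        {
            found = 1; has = 0; ctx = ""     # a later entry overrides an earlier one
            opts = "," $4                    # leading comma: fscontext=/defcontext= cannot match
            # Try the quoted form first: an MLS range may itself contain commas.
            if (match(opts, /,context="[^"]*"/) || match(opts, /,context=[^,]*/)) {
                ctx = substr(opts, RSTART + 9, RLENGTH - 9)   # skip ",context="
                gsub(/"/, "", ctx)
                has = 1
            }
        }
        END {
            if (has) print ctx
            exit (has ? 0 : (found ? 1 : 2))
        }
    ' "${2:-/etc/fstab}"
}

# check_xenstored_fstab [FSTAB]: succeeds only if /var/lib/xenstored is
# listed with exactly the expected label.
check_xenstored_fstab() {
    ctx=$(fstab_context /var/lib/xenstored "${1:-/etc/fstab}") || return 1
    [ "$ctx" = "$EXPECTED_CTX" ]
}

# Constructed sample fstab (not taken from a real system).
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample' \
    '/dev/sda1 / ext4 defaults 1 1' \
    'xenstored /var/lib/xenstored xenstored context="system_u:object_r:xenstored_var_lib_t:s0" 1 1' \
    > "$sample"
if check_xenstored_fstab "$sample"; then
    echo "workaround present"
else
    echo "workaround missing"
fi
rm -f "$sample"
```
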


 

