Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount
On 09/15/2015 04:12 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Sep 15, 2015 at 03:01:31PM +0100, George Dunlap wrote:
>> On 09/15/2015 02:58 PM, Konrad Rzeszutek Wilk wrote:
>>> On Tue, Sep 15, 2015 at 01:55:15PM +0100, George Dunlap wrote:
>>>> On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering <olaf@xxxxxxxxx> wrote:
>>>>> On Tue, Sep 15, George Dunlap wrote:
>>>>>
>>>>>> It's very reasonable for you to expect it to be fixed on non-SELinux
>>>>>> systems. But what you did is fix it for non-SELinux systems by simply
>>>>>> breaking it on SELinux systems -- that's not at all reasonable.
>>>>>
>>>>> Konrad did some testing at that time and said 4.5 was ok.
>>>>> Why is 4.6 broken now?
>>>>
>>>> OK -- I see that he committed it, but I didn't see him say that he had
>>>> tested this particular patch. It would be interesting to find out why
>>>> it worked for him.
>>>
>>> It just worked out of the box when I installed a source build of the Xen
>>> on a virgin Fedora box.
>>>
>>> I am not sure how it worked if SELinux ended up being disabled!
>>
>> So how did you install Xen? "make install"? Or did you do "make rpmball"?
>
> ./configure --enable-systemd --prefix=/usr
>
> make -j31556
> make install
>
> cat README | grep systemctl
> [paste all of those in the command line]
>
> grub2-mkconfig -o /boot/grub/grub2.cfg
>
> reboot

Right -- so you never did "restorecon" or "fixfiles -f relabel" or
"touch /.autorelabel" or anything explicitly to give the installed
binaries their selinux labels?

In which case I'm *guessing* that you never actually set up selinux for
the Xen binaries, and the reason it worked for you was that you weren't
actually using the selinux rules.

>> Is it possible that /usr/sbin/xenstored never got the default selinux
>> label, and so never had any issues from the fact that /var/lib/xenstored
>> also didn't have the proper label?
>
>
> I think you are asking me to try this once more and seeing if
> I see the error you think I should be seeing :-)
>
> I can certainly do that - but not today. Would Friday be OK?

Well, I did think about asking you to try again, but I purposely didn't. :-)

Since you've offered though, yes, it would be good if you could do
exactly what you did before, and then look at

  ls -lZ /usr/sbin/xenstored

And then, perhaps, do "touch /.autorelabel" (assuming that works on
Fedora the way it works on CentOS), reboot, and see what happens (and
what ls -lZ /usr/sbin/xenstored comes up with)?

I won't be working Friday, but I'll be back in Monday.

Thanks,
 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel