
Re: [Xen-users] ssh in rc.local stalls xenU [SOLVED]



on Thu, Dec 15, 2005 at 04:51:52PM -0500, Steve Brueckner 
(steve@xxxxxxxxxxxxxx) wrote:
> Karsten M. Self wrote:
> > on Thu, Dec 15, 2005 at 01:38:29PM -0500, Steve Brueckner
> > (steve@xxxxxxxxxxxxxx) wrote: 
> >> I'm using Fedora Core 4.  I need to create an ssh port forwarding
> >> tunnel to my xen0 domain when my xenU domain starts up, so I added
> >> this to the xenU's /etc/rc.d/rc.local:
> >> 
> >> ssh -v -f -L 5500:localhost:5501 xen0_ip tail -f /dev/null
> >> 
> >> This causes my VM to pause for about 3 minutes during boot.
> >> Furthermore, the ssh tunnel never gets created.  The ssh command is
> >> stalling at "Connecting to (xen0_IP) port 22"
> > 
> > It would be useful to see what's happening on the remote (well,
> > local) server side.  Check sshd's logs, and/or run it manually in
> > debug mode and watch its output as the connection is being attempted:

<...>

> Ah, I should have thought of this earlier.  My custom SELinux policy
> disables networking for unconfined_t, so it puts ssh into sshd_t (which
> allows networking).  But it only puts ssh into sshd_t when started by root;
> there was no transition specified in my policy that ssh should go into
> sshd_t when started by initrc_t.  A couple of lines in my
> domains/program/ssh.te fixed it:
> 
> role initrc_t types sshd_t;
> domain_auto_trans(initrc_t, sshd_exec_t, sshd_t)
> 
> So, the network was in fact up but I was shooting myself in the foot.  This
> is definitely not a Xen-related issue.  Thanks for your responses; I
> appreciate the help.

SOP for us is to disable SELinux when using Xen for a number of reasons,
as documentation indicates.

You can set 'selinux=0' as a Linux boot parameter to do this globally,
and might want to add that as a debug/test step to isolate SELinux
issues from other possibilities, if you must run SELinux.


Cheers.

-- 
Karsten M. Self <karsten@xxxxxxxxxxxxx>
XenSource, Inc.
2300 Geng Road #250                                +1 650.798.5900 x259
Palo Alto, CA 94303                                +1 650.493.1579 fax

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
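
A narrower isolation step than booting with selinux=0, shown as an added example that is not part of the original thread: group AVC denials by the domain the process was running in, so that a missing transition (ssh denied while still in initrc_t instead of sshd_t) stands out. The log records are constructed samples in the kernel's "avc: denied" layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in the kernel's "avc: denied" layout. The pids,
# timestamps and permissions are invented for illustration, not from the thread.
SAMPLE_LOG = """\
audit(1134683400.101:12): avc:  denied  { name_connect } for  pid=812 comm="ssh" dest=22 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ssh_port_t tclass=tcp_socket
audit(1134683400.105:13): avc:  denied  { create } for  pid=812 comm="ssh" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=tcp_socket
audit(1134683460.220:14): avc:  denied  { create } for  pid=901 comm="ping" scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:unconfined_t tclass=rawip_socket
Dec 15 16:40:01 xenU crond[777]: (root) CMD (run-parts /etc/cron.hourly)
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (comm, source domain, target type, class) -> sorted denied permissions."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (ordinary syslog noise)
        key = (m["comm"], selinux_type(m["scon"]),
               selinux_type(m["tcon"]), m["tclass"])
        groups[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in groups.items()}

def unexpected_domains(log_text, comm, expected_domain):
    """Source domains in which `comm` was denied, other than the expected one."""
    return sorted({src for (c, src, _, _) in summarize_denials(log_text)
                   if c == comm and src != expected_domain})

if __name__ == "__main__":
    for (comm, src, tgt, cls), perms in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(f"{comm}: {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    # ssh denied while still in initrc_t means no transition to sshd_t happened
    print("ssh denied in:", unexpected_domains(SAMPLE_LOG, "ssh", "sshd_t"))
```
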


 

