Re: [Xen-devel] [PATCH 0/4 v2] tools/hotplug: systemd changes for 4.5

[M A Young <m.a.young@xxxxxxxxxxxx>]

On Thu, 11 Dec 2014, Olaf Hering wrote:

> On Wed, Dec 10, Konrad Rzeszutek Wilk wrote:
>
> > On Mon, Dec 08, 2014 at 11:18:05AM +0100, Olaf Hering wrote:
> > > This is a resend of this series, with just the low hanging fruits:
> > > http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00669.html
> > This looks like it would fix some of the issues I saw. I will test it
> > over today.
> > Please also CC Michael (Fedora Xen maintainer) on these changes (I've CC-ed
> > him here).
> It would be nice to know if the entire chain of dependencies fails, or
> just that unit. Furthermore it would be nice to know if there needs to
> be anyhing related to SELinux in the xen sources. In other words, would
> xenstored behave correctly if that tmpfs mount would be done without any
> options?
Yes, you do need to set explicit selinux permissions when mounting 
/var/lib/xenstored as otherwise it gets a tmpfs selinux context which 
xenstored can't use in enforcing mode.
The other selinux issue is that it seems you can't run xenstored through a 
shell script wrapper, because it still has startup shell script selinux 
permissions when it is trying to connect to the sockets, so it doesn't 
work. It does work if you run xenstored directly from the systemd file.
        Michael Young

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel