[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/4 v2] tools/hotplug: systemd changes for 4.5

On Thu, Dec 11, M A Young wrote:

> Yes, you do need to set explicit selinux permissions when mounting
> /var/lib/xenstored as otherwise it gets a tmpfs selinux context which
> xenstored can't use in enforcing mode.

Is that "enforcing mode" the default? And would it be too cumbersome to
have these context settings in fstab?

> The other selinux issue is that it seems you can't run xenstored through a
> shell script wrapper, because it still has startup shell script selinux
> permissions when it is trying to connect to the sockets, so it doesn't work.
> It does work if you run xenstored directly from the systemd file.

This sounds like xenstored has to parse the possible environment
variables found in sysconfig.xencommons all by itself? Is there perhaps
a way out of the SELinux jail?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.