
Re: [Xen-devel] Xen 4.5 Development Update (RC4)



On Tue, Dec 16, Konrad Rzeszutek Wilk wrote:

> On Tue, Dec 16, 2014 at 05:34:51PM +0100, Olaf Hering wrote:
> > On Tue, Dec 16, konrad.wilk@xxxxxxxxxx wrote:
> > 
> > > In terms of bugs, we have:
> > 
> > ... systemd SELinux, but it's not listed.
> 
> > 
> > What's your plan with the failures you see? Should I continue to be
> > concerned about that, or will all of them be postponed to 4.6?
> 
> I was under the impression you had some patches which would solve a
> majority of the issues? And after the discussion with Ian Jackson the
> way to exec was solved?

No. What I did was to handle XENSTORED_TRACE which is just a bool to
pass "-T /log/file" to xenstored. I think xenstored cannot access the
sockets if it was launched with a shell script as it is done now.
No idea how to solve that. Maybe "/usr/bin/env $XENSTORED" could be a
workaround for the SELinux socket access issue. But perhaps launching it
via env or sh fails either way.

> And for the other - the SELinux context and how to figure this out -
> I thought (I will have to double-check it tomorrow) that I mentioned it might
> make sense to talk to the SELinux maintainers to see if they have any
> recommendation?

For xen-4.5 the easy way would be to remove the context= option and let
people who build from source and who want to use SELinux put the
required options into /etc/fstab. This would also resolve the issue
Anthony is seeing: his mount or kernel does not understand context= at
all. No idea how he got into that state in his Arch Linux installation.

Olaf
