Re: [PATCH 1/5] tools/hotplug: move XENSTORED_MOUNT_CTX to sysconfig.xencommons

[Olaf Hering <olaf@aepfle.de>]

On Fri, Dec 05, Ian Jackson wrote:

> Olaf Hering writes ("[PATCH 1/5] tools/hotplug: move XENSTORED_MOUNT_CTX to sysconfig.xencommons"):
> > On a non-SELinux system the mount option "context=none" works fine. But
> > with SELinux enabled a proper value has to be defined. To simplify the
> > required adjustment move XENSTORED_MOUNT_CTX from the service file to
> > the sysconfig file.
> 
> This patch looks like just the hook.  It seems to be missing the part
> where the actual selinux context is defined and plumbed through.

The context in xen source is "none". As asked in the cover letter (which
unfortunately got send to just Konrad and xen-devel, no idea how to fix
that) a configure --with-something may be the way to inject it into the
sources, if required.

> > There is no need to require the creation of a new sysconfig file, just
> > reuse the existing /etc/sysconfig/xencommons file.
> 
> This seems to be an unrelated change ?  If not I confess I don't see
> the connection.

The context has to be defined somewhere. And that place is
sysconfig/xencommons.

> > --- a/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
> > +++ b/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
> ...
> >  [Mount]
> > -Environment=XENSTORED_MOUNT_CTX=none
> > -EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xenstored
> > +EnvironmentFile=@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons
> 
> And won't this break existing systems which have an
> /etc/{default,sysconfig}/xenstored ?

Which systems would that be? That file is new in 4.5.

Olaf