From mboxrd@z Thu Jan 1 00:00:00 1970
From: Olaf Hering
Subject: Re: Xen 4.5 Development Update (RC4)
Date: Wed, 17 Dec 2014 08:55:10 +0100
Message-ID: <20141217075510.GA678@aepfle.de>
References: <20141216161352.504FA124EF2@laptop.dumpdata.com> <20141216163451.GA18976@aepfle.de> <20141216204601.GA11551@konrad-lan.dumpdata.com>
In-Reply-To: <20141216204601.GA11551@konrad-lan.dumpdata.com>
To: Konrad Rzeszutek Wilk
Cc: xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

On Tue, Dec 16, Konrad Rzeszutek Wilk wrote:

> On Tue, Dec 16, 2014 at 05:34:51PM +0100, Olaf Hering wrote:
> > On Tue, Dec 16, konrad.wilk@oracle.com wrote:
> >
> > > In terms of bugs, we have:
> >
> > ... systemd SELinux, but it's not listed.
> >
> > What's your plan with the failures you see? Should I continue to be
> > concerned about that, or will all the be postponed to 4.6?
>
> I was under the impression you had some patches which would solve a
> majority of the issues? And after the discussion with Ian Jackson the
> way to exec was solved?

No. What I did was to handle XENSTORED_TRACE which is just a bool to
pass "-T /log/file" to xenstored.

I think xenstored can not access the sockets if it was launched with a
shell script as it is done now. No idea how to solve that. Maybe
"/usr/bin/env $XENSTORED" could be a workaround for the SELinux socket
access issue. But perhaps launching it via env or sh fails either way.

> And for the other - the SELinux context and how to figure this out -
> I thought (I will have to double-check it tomorrow) that I mentioned it might
> make sense to talk to the SELinux maintainers to see if they have any
> recommendation?

For xen-4.5 the easy way would be to remove the context= option and let
people who build from source and who want to use SELinux put the
required options into /etc/fstab. This would also resolve the issue
Anthony is seeing, his mount or kernel does not understand context= at
all. No idea how he got into that state in his Arch Linux installation.

Olaf