From mboxrd@z Thu Jan  1 00:00:00 1970
From: George Dunlap <george.dunlap@citrix.com>
Subject: Re: [PATCH 1/7] tools/hotplug: remove SELinux options
 from var-lib-xenstored.mount
Date: Thu, 10 Sep 2015 15:17:48 +0100
Message-ID: <55F1910C.7040103@citrix.com>
References: <1418988333-5404-1-git-send-email-olaf@aepfle.de>
	<1418988333-5404-2-git-send-email-olaf@aepfle.de>
	<CAFLBxZZY7Yi+u5veuN40v_6jKZd9z7o6FFxdX_8bZw-13zV=0w@mail.gmail.com>
	<alpine.LFD.2.20.1509101507300.2475@algedi.dur.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <alpine.LFD.2.20.1509101507300.2475@algedi.dur.ac.uk>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: M A Young <m.a.young@durham.ac.uk>, George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Olaf Hering <olaf@aepfle.de>, Wei Liu <wei.liu2@citrix.com>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, "Luis R. Rodriguez" <mcgrof@do-not-panic.com>, Ian Jackson <ian.jackson@eu.citrix.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Anthony PERARD <anthony.perard@citrix.com>
List-Id: xen-devel@lists.xenproject.org

On 09/10/2015 03:13 PM, M A Young wrote:
> On Thu, 10 Sep 2015, George Dunlap wrote:
> 
>> On Fri, Dec 19, 2014 at 11:25 AM, Olaf Hering <olaf@aepfle.de> wrote:
>>> Using SELinux mount options per default breaks several systems.
>>> Either the context= mount option is not known at all to the kernel,
>>> as reported for ArchLinux. Or the default value "none" is unknown to
>>> SELinux, as reported for Fedora. In both cases the unit will fail.
>>>
>>> The proper place to specify mount options is /etc/fstab. Appearently
>>> systemd is kind enough to use values from there even if Options= or
>>> What= is specified in a .mount file.
>>
>> For the benefit of someone moonlighting as a CentOS package
>> maintainer, could you tell me how adding such an entry in a package is
>> normally done?  Or alternately, how you would recommend a package
>> maintainer to add the appropriate context?
> 
> I suspect it is actually easier to put the selinux context back into 
> systemd file rather than trying to edit /etc/fstab which could get messy.
> If that is what you want to do you could look at 
> http://pkgs.fedoraproject.org/cgit/xen.git/tree/xen.fedora.systemd.patch
> for ideas on how to do it.

Right, well manually modifying the upstream source file is not a good
"interface" to provide.  If modifying /etc/fstab is not "the right
solution" for packages, then much better solution would have been to do
what IanC suggested later in this thread, and do something like this
instead:

Options=mode=755,$XENSTORED_MOUNT_OPTIONS

 -George