[PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

[Olaf Hering <olaf@aepfle.de>]

This is a resend of these two series:
http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00858.html
http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00669.html

New in v3 is a wrapper to run xenstored. See its patch description
for details.

Patch 2-6 should be applied for 4.5.0.

The first and the last one still has issues with xenstored and
SELinux. See below.  Up to now no solution is known to me.


The first patch fixes Arch Linux and does not break anything.  As such
it should be safe to be applied for 4.5.0.  SELinux users (who build
from source) should put their special mount options into fstab. Distro
packages will most likely include a proper .service file.


The last patch addresses the XENSTORED_TRACE issue. But SELinux will
most likely still not work.

Possible ways to handle launching xenstored and SELinux:

- do nothing
  pro: - no Xen source changes required
  con: - possible unhappy users who build from source and still have
         SELinux enabled

- use newly added wrapper
  pro: - XENSTORED_TRACE boolean is handled
  con: - the wrapper may have the very same issue as the current
         launching with sh -c 'exec xenstored'. But maybe there is a
	 way to mark the new wrapper script as "this is the native
	 xenstored". Someone familiar with SELinux may be able to
	 answer this.

- Use ExecStart=@XENSTORED@
  pro: - socket passing will most likely work
  con: - All options have to be passed in XENSTORED_ARGS, a new variable
         which is not yet mentioned in the sysconfig file.
       - Switching xenstored requires a private copy of
	 xenstored.service in /etc/systemd instead of adjusting the
	 XENSTORED= variable in the sysconfig file.

- Use ExecStart=/usr/bin/env $XENSTORED
  pro: - $XENSTORED can be set in sysconfig file
  con: - may have the same socket issue as starting via shell
       - XENSTORED_TRACE boolean is not handled


I will be offline until 2015-01-07, so any further adjustments to this
series has to be done by someone else.


Good luck!

Olaf


Olaf Hering (7):
  tools/hotplug: remove SELinux options from var-lib-xenstored.mount
  tools/hotplug: remove XENSTORED_ROOTDIR from xenstored.service
  tools/hotplug: xendomains.service depends on network
  tools/hotplug: use xencommons as EnvironmentFile in
    xenconsoled.service
  tools/hotplug: use XENCONSOLED_TRACE in xenconsoled.service
  tools/hotplug: remove EnvironmentFile from
    xen-qemu-dom0-disk-backend.service
  tools/hotplug: add wrapper to start xenstored

 .gitignore                                                        | 1 +
 tools/configure                                                   | 3 ++-
 tools/configure.ac                                                | 1 +
 tools/hotplug/Linux/Makefile                                      | 2 ++
 tools/hotplug/Linux/init.d/xencommons.in                          | 6 ++++--
 tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in            | 4 +---
 tools/hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service.in | 1 -
 tools/hotplug/Linux/systemd/xenconsoled.service.in                | 6 +++---
 tools/hotplug/Linux/systemd/xendomains.service.in                 | 2 ++
 tools/hotplug/Linux/systemd/xenstored.service.in                  | 6 ++----
 tools/hotplug/Linux/xenstored.sh.in                               | 6 ++++++
 11 files changed, 24 insertions(+), 14 deletions(-)
 create mode 100644 tools/hotplug/Linux/xenstored.sh.in