From: Ian Campbell <Ian.Campbell@citrix.com>
To: Olaf Hering <olaf@aepfle.de>
Cc: Wei Liu <wei.liu2@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
xen-devel@lists.xen.org, m.a.young@durham.ac.uk,
Anthony PERARD <anthony.perard@citrix.com>,
"Luis R. Rodriguez" <mcgrof@do-not-panic.com>
Subject: Re: [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount
Date: Tue, 6 Jan 2015 11:27:38 +0000
Message-ID: <1420543658.28863.138.camel@citrix.com>
In-Reply-To: <1418988333-5404-2-git-send-email-olaf@aepfle.de>
On Fri, 2014-12-19 at 12:25 +0100, Olaf Hering wrote:
> Using SELinux mount options per default breaks several systems.
> Either the context= mount option is not known at all to the kernel,
> as reported for ArchLinux. Or the default value "none" is unknown to
> SELinux, as reported for Fedora. In both cases the unit will fail.
>
> The proper place to specify mount options is /etc/fstab. Appearently
> systemd is kind enough to use values from there even if Options= or
> What= is specified in a .mount file.
>
> Remove XENSTORED_MOUNT_CTX, the reference to a non-existant
> EnvironmentFile and trim default Options= for the mount point.
>
> The removed code was first mentioned in the patch referenced below,
> with the following description:
> ...
> * Some systems define the selinux context in the systemd Option for
> the /var/lib/xenstored tmpfs:
> Options=mode=755,context="system_u:object_r:xenstored_var_lib_t:s0"
> For the upstream version we remove that and let systems specify
> the context on their system /etc/default/xenstored or
> /etc/sysconfig/xenstored $XENSTORED_MOUNT_CTX variable
> ...
> It is nowhere stated (on xen-devel) what "Some systems" means, which
> is unfortunately common practice in nearly all opensource projects.
> http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg02462.html
>
> Signed-off-by: Olaf Hering <olaf@aepfle.de>
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
(on commit s/Appearently/Apparently/; s/non-existant/non-existent/ in
the commit log)
> -Options=mode=755,context="$XENSTORED_MOUNT_CTX"
> +Options=mode=755
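
Review bot: With context= dropped from the Options= line, the unit no longer says anything about how the SELinux label for the /var/lib/xenstored tmpfs gets set; the commit message names /etc/fstab as the place for it, but a packager reading only the .mount file will not see that. Consider a comment next to `Options=mode=755` (or a note in the docs) pointing to an fstab entry that carries a context= value such as the `system_u:object_r:xenstored_var_lib_t:s0` quoted in the commit message. The log also states the systemd behaviour this relies on only tentatively (fstab values being used even when Options= is set in the unit); it would be worth confirming that and saying so in the commit message.
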
FWIW an alternative might have been:
Options=mode=755,$XENSTORED_MOUNT_OPTIONS
where the variable from the EnvironmentFile could contain context= as
necessary (and maybe even mode=... by default).
But if /etc/fstab is the Right Place(tm) then let's go with that for 4.5.
Ian.