xen-devel.lists.xenproject.org archive mirror
From: George Dunlap <george.dunlap@citrix.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Olaf Hering <olaf@aepfle.de>, Wei Liu <wei.liu2@citrix.com>,
	Ian Campbell <ian.campbell@citrix.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	"Luis R. Rodriguez" <mcgrof@do-not-panic.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	M A Young <m.a.young@durham.ac.uk>,
	Anthony PERARD <anthony.perard@citrix.com>
Subject: Re: [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount
Date: Tue, 15 Sep 2015 16:52:29 +0100
Message-ID: <55F83EBD.6050602@citrix.com>
In-Reply-To: <20150915151242.GG24562@l.oracle.com>

On 09/15/2015 04:12 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Sep 15, 2015 at 03:01:31PM +0100, George Dunlap wrote:
>> On 09/15/2015 02:58 PM, Konrad Rzeszutek Wilk wrote:
>>> On Tue, Sep 15, 2015 at 01:55:15PM +0100, George Dunlap wrote:
>>>> On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering <olaf@aepfle.de> wrote:
>>>>> On Tue, Sep 15, George Dunlap wrote:
>>>>>
>>>>>> It's very reasonable for you to expect it to be fixed on non-SELinux
>>>>>> systems.  But what you did is fix it for non-SELinux systems by simply
>>>>>> breaking it on SELinux systems -- that's not at all reasonable.
>>>>>
>>>>> Konrad did some testing at that time and said 4.5 was ok.
>>>>> Why is 4.6 broken now?
>>>>
>>>> OK -- I see that he committed it, but I didn't see him say that he had
>>>> tested this particular patch.  It would be interesting to find out why
>>>> it worked for him.
>>>
>>> It just worked out of the box when I installed a source build of Xen
>>> on a virgin Fedora box.
>>>
>>> I am not sure how it worked if SELinux ended up being disabled!
>>
>> So how did you install Xen?  "make install"?  Or did you do "make rpmball"?
> 
> ./configure --enable-systemd --prefix=/usr 
> 
> make -j31556
> make install
> 
> cat README | grep systemctl
> [paste all of those in the command line]
> 
> grub2-mkconfig -o /boot/grub/grub2.cfg
> 
> reboot

Right -- so you never did "restorecon" or "fixfiles -f relabel" or
"touch /.autorelabel" or anything explicitly to give the installed
binaries their selinux labels?

In which case I'm *guessing* that you never actually set up selinux for
the Xen binaries, and the reason it worked for you was that you weren't
actually using the selinux rules.

>> Is it possible that /usr/sbin/xenstored never got the default selinux
>> label, and so never had any issues from the fact that /var/lib/xenstored
>> also didn't have the proper label?
> 
> 
> I think you are asking me to try this once more and seeing if
> I see the error you think I should be seeing :-)
> 
> I can certainly do that - but not today. Would Friday be OK?

Well, I did think about asking you to try again, but I purposely didn't.
:-)

Since you've offered though, yes, it would be good if you could do
exactly what you did before, and then look at

ls -lZ /usr/sbin/xenstored

And then, perhaps, do "touch /.autorelabel" (assuming that works on
Fedora the way it works on CentOS), reboot, and see what happens (and
what ls -lZ /usr/sbin/xenstored comes up with)?

I won't be working Friday, but I'll be back on Monday.

Thanks,
 -George
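
Added example, not part of the original message or of the Xen tree: a shell check that compares the SELinux context a path currently carries with the one the loaded policy would assign, which is the comparison the "ls -lZ" and relabel steps above make by eye. It assumes GNU stat and matchpathcon (libselinux-utils) are installed; the function names and the --live switch are hypothetical, and the contexts in the comments are constructed samples.

```shell
#!/bin/sh
# Compare a file's on-disk SELinux context with the policy default.

# Print the type field (third colon-separated field) of a context,
# e.g. "system_u:object_r:bin_t:s0" -> "bin_t" (constructed sample).
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Classify an actual context against the expected one.
# Prints: no-label | mismatch | ok
label_status() {
    actual=$1
    expected=$2
    case "$actual" in
        ''|'?'|*:unlabeled_t:*) echo no-label; return ;;
    esac
    if [ "$(ctx_type "$actual")" = "$(ctx_type "$expected")" ]; then
        echo ok
    else
        echo mismatch
    fi
}

# Query the live system for one path and report its status.
check_path() {
    p=$1
    actual=$(stat -c %C "$p" 2>/dev/null)      # context on disk
    expected=$(matchpathcon -n "$p" 2>/dev/null) # context per policy
    printf '%s: %s (have "%s", policy wants "%s")\n' \
        "$p" "$(label_status "$actual" "$expected")" "$actual" "$expected"
}

# Only touch the system when asked to and when the tools exist.
if [ "${1:-}" = "--live" ] && command -v matchpathcon >/dev/null 2>&1; then
    for p in /usr/sbin/xenstored /var/lib/xenstored; do
        check_path "$p"
    done
fi
```

A "mismatch" or "no-label" result before relabeling that turns into "ok" afterwards would indicate the installed files never received their policy labels.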
