This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-users] ssh in rc.local stalls xenU [SOLVED]

on Thu, Dec 15, 2005 at 04:51:52PM -0500, Steve Brueckner 
(steve@xxxxxxxxxxxxxx) wrote:
> Karsten M. Self wrote:
> > on Thu, Dec 15, 2005 at 01:38:29PM -0500, Steve Brueckner
> > (steve@xxxxxxxxxxxxxx) wrote: 
> >> I'm using Fedora Core 4.  I need to create an ssh port forwarding
> >> tunnel to my xen0 domain when my xenU domain starts up, so I added
> >> this to the xenU's /etc/rc.d/rc.local:
> >> 
> >> ssh -v -f -L 5500:localhost:5501 xen0_ip tail -f /dev/null
> >> 
> >> This causes my VM to pause for about 3 minutes during boot.
> >> Furthermore, the ssh tunnel never gets created.  The ssh command is
> >> stalling at "Connecting to (xen0_IP) port 22"
> > 
> > It would be useful to see what's happening on the remote (well,
> > local) server side.  Check sshd's logs, and/or run it manually in
> > debug mode and watch its output as the connection is being attempted:


> Ah, I should have thought of this earlier.  My custom SELinux policy
> disables networking for unconfined_t, so it puts ssh into sshd_t (which
> allows networking).  But it only puts ssh into sshd_t when started by root;
> there was no transition specified in my policy that ssh should go into
> sshd_t when started by initrc_t.  A couple of lines in my
> domains/program/ssh.te fixed it:
> 
> role initrc_t types sshd_t;
> domain_auto_trans(initrc_t, sshd_exec_t, sshd_t)
> 
> So, the network was in fact up but I was shooting myself in the foot.  This
> is definitely not a Xen-related issue.  Thanks for your responses; I
> appreciate the help.

SOP for us is to disable SELinux when using Xen for a number of reasons,
as documentation indicates.

You can set 'selinux=0' as a Linux boot parameter to do this globally,
and might want to add that as a debug/test step to isolate SELinux
issues from other possibilities, if you must run SELinux.


Karsten M. Self <karsten@xxxxxxxxxxxxx>
XenSource, Inc.
2300 Geng Road #250                                +1 650.798.5900 x259
Palo Alto, CA 94303                                +1 650.493.1579 fax
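
Added example, not part of the original thread: when SELinux must stay enabled, a missing domain transition like the one Steve describes shows up as AVC denials whose source domain is initrc_t. The sketch below tallies such denials; the function names and the log lines in SAMPLE_LOG are constructed for illustration, and the exact permission and type names depend on the policy in use.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from a kernel/audit log.
# SAMPLE_LOG is constructed for illustration; it is not output from the thread.
SAMPLE_LOG='audit(1134683400.101:0): avc:  denied  { name_connect } for  pid=812 comm="ssh" dest=22 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ssh_port_t tclass=tcp_socket
audit(1134683401.230:0): avc:  denied  { name_connect } for  pid=812 comm="ssh" dest=22 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ssh_port_t tclass=tcp_socket
audit(1134683390.007:0): avc:  granted  { load_policy } for  pid=1 comm="init" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security
Dec 15 16:50:02 xenu sshd[700]: Server listening on 0.0.0.0 port 22.
audit(1134683455.550:0): avc:  denied  { read } for  pid=901 comm="tail" name="null" scontext=root:system_r:unconfined_t tcontext=system_u:object_r:device_t tclass=chr_file'

# avc_denials (hypothetical name): read log lines on stdin and print
# "count comm source_domain target_type class permissions", most frequent first.
avc_denials() {
    awk '
    /avc:/ && /denied/ {
        comm = src = tgt = cls = "?"
        # The denied permissions sit between "{" and "}".
        perms = $0
        sub(/^[^{]*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # A context is user:role:type[:level]; the type is field 3.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        count[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# denied_domains (hypothetical name): source domains in which command $1 was
# denied. A boot-script launch that never transitioned appears as initrc_t.
denied_domains() {
    avc_denials | awk -v c="$1" '$2 == c { print $3 }' | sort -u
}

printf '%s\n' "$SAMPLE_LOG" | avc_denials
```

To use it on a real system, pipe the log that receives the kernel's avc messages into avc_denials in place of SAMPLE_LOG.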
