Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount
On Fri, 2014-12-19 at 12:25 +0100, Olaf Hering wrote:
> Using SELinux mount options per default breaks several systems.
> Either the context= mount option is not known at all to the kernel,
> as reported for ArchLinux. Or the default value "none" is unknown to
> SELinux, as reported for Fedora. In both cases the unit will fail.
>
> The proper place to specify mount options is /etc/fstab. Appearently
> systemd is kind enough to use values from there even if Options= or
> What= is specified in a .mount file.
>
> Remove XENSTORED_MOUNT_CTX, the reference to a non-existant
> EnvironmentFile and trim default Options= for the mount point.
>
> The removed code was first mentioned in the patch referenced below,
> with the following description:
> ...
> * Some systems define the selinux context in the systemd Option for
>   the /var/lib/xenstored tmpfs:
>   Options=mode=755,context="system_u:object_r:xenstored_var_lib_t:s0"
>   For the upstream version we remove that and let systems specify
>   the context on their system /etc/default/xenstored or
>   /etc/sysconfig/xenstored $XENSTORED_MOUNT_CTX variable
> ...
> It is nowhere stated (on xen-devel) what "Some systems" means, which
> is unfortunately common practice in nearly all opensource projects.
> http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg02462.html
>
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
(on commit s/Appearently/Apparently/; s/non-existant/non-existent/ in
the commit log)

> -Options=mode=755,context="$XENSTORED_MOUNT_CTX"
> +Options=mode=755

FWIW an alternative might have been:
        Options=mode=755,$XENSTORED_MOUNT_OPTIONS
where the variable from the EnvironmentFile could contain context= as
necessary (and maybe even mode=... by default).

But if /etc/fstab is the Right Place(tm) then let's go with that for 4.5.

Ian.
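Review bot: The `+Options=mode=755` line drops the SELinux label from the unit without leaving any pointer to where it should now be configured. A system that relied on `context="$XENSTORED_MOUNT_CTX"` will get an unlabelled tmpfs on /var/lib/xenstored after this change, so a comment in the unit file (or a note in the documentation) saying that context= now belongs in /etc/fstab would help. The commit message also rests on systemd taking options from /etc/fstab even when Options= is set in the .mount file, introduced with "Appearently"; that behaviour is worth confirming and citing, since the whole change depends on it.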
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
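An added example, not part of the original thread or the Xen tree: a shell helper that builds the /etc/fstab entry for the xenstored tmpfs and adds context= only when neither failure case from the commit message applies. The function name, the selinuxfs probe directory argument and the use of the `enforce` node as the probe are assumptions made for illustration; the label is the one quoted in the thread.

```shell
# Added example: build an /etc/fstab entry for the xenstored tmpfs.
# xenstored_fstab_line is a hypothetical helper, not part of Xen.
#   $1  SELinux context to apply (may be empty or "none")
#   $2  selinuxfs mount point to probe (assumed default: /sys/fs/selinux)
xenstored_fstab_line() {
    ctx=$1
    selinuxfs=${2:-/sys/fs/selinux}
    opts="mode=755"

    # Case 1 from the commit message: without SELinux support the
    # context= mount option is unknown and the mount fails. When
    # selinuxfs is mounted it exposes an "enforce" node; if that node
    # is missing, leave the label out.
    if [ -e "$selinuxfs/enforce" ]; then
        case $ctx in
            # Case 2: an empty value or the old default "none" is not
            # a label SELinux accepts, so do not pass it on.
            ''|none) ;;
            # A label has at least user:role:type (plus optional range).
            *:*:*) opts="$opts,context=\"$ctx\"" ;;
            *) echo "xenstored_fstab_line: malformed context: $ctx" >&2
               return 1 ;;
        esac
    fi

    printf 'tmpfs /var/lib/xenstored tmpfs %s 0 0\n' "$opts"
}

# Stand-alone run with the label quoted in the thread; the output
# depends on whether the host has selinuxfs mounted.
xenstored_fstab_line 'system_u:object_r:xenstored_var_lib_t:s0'
```
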