[Xen-devel] Xen, systemd, and selinux
Hey Michael,

Not sure if you know, I've been maintaining the Xen4CentOS packages; I suspect given the similarities between our systems we're solving the same issues; particularly with the systemd/selinux combination.

I've just ported my patchqueue up to 4.7-rc4, and it looks like the SELinux rules for xenstored -- at least the ones that come with CentOS 7 -- are outdated; they allow xenstored to open /proc/xen/privcmd (which is deprecated), but not /dev/xen/privcmd.

Do you know where the "upstream" for these rules is, and how to get them changed in a way that will trickle down eventually to CentOS?

As of 4.7-rc4, libxc will first try to open /dev/xen/privcmd, then *if* it fails with a certain set of error codes, it tries /proc/xen/privcmd instead. Unfortunately, EACCES (the failure you get from SELinux denials) is not one of those error codes. If you just add that error code in to the list of acceptable error codes, then things work for me.

Thanks,
 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
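The open-then-fall-back behaviour described in the message, as an added example that is not libxc code and not part of the original post. Assumptions: the function names are hypothetical, ENOENT/ENXIO/ENODEV stand in for the "certain set of error codes" the message does not list, and a constructed stub opener models a policy that denies the /dev node.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Opener is injectable so failures can be simulated; real code would pass open(). */
typedef int (*open_fn)(const char *path, int flags);

/* ASSUMPTION: ENOENT/ENXIO/ENODEV stand in for the unnamed error set in the post. */
static int is_fallback_errno(int err, int accept_eacces)
{
    if (err == ENOENT || err == ENXIO || err == ENODEV)
        return 1;
    /* The change described in the post: also fall back on an access denial. */
    return accept_eacces && err == EACCES;
}

/* Try the primary node; try the legacy node only if errno is in the set.
 * Returns the fd (or -1, errno from the last attempt); *used = path opened. */
int open_privcmd(open_fn op, const char *primary, const char *legacy,
                 int accept_eacces, const char **used)
{
    const char *path = primary;
    int fd = op(path, O_RDWR);
    if (fd == -1 && is_fallback_errno(errno, accept_eacces)) {
        path = legacy;
        fd = op(path, O_RDWR);
    }
    *used = (fd == -1) ? NULL : path;
    return fd;
}

/* Constructed stub: a policy that denies /dev/xen/* but allows /proc/xen/*. */
int stub_selinux_open(const char *path, int flags)
{
    (void)flags;
    if (strncmp(path, "/dev/", 5) == 0) { errno = EACCES; return -1; }
    return 42; /* fake descriptor, nothing is really opened */
}
int main(void)
{
    const char *used;
    int fd = open_privcmd(stub_selinux_open, "/dev/xen/privcmd", "/proc/xen/privcmd", 0, &used);
    printf("strict set: fd=%d errno=%s\n", fd, strerror(errno));
    fd = open_privcmd(stub_selinux_open, "/dev/xen/privcmd", "/proc/xen/privcmd", 1, &used);
    printf("with EACCES: fd=%d via %s\n", fd, used);
}
```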