Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2015-01-07 Thread Olaf Hering
On Mon, Jan 05, Konrad Rzeszutek Wilk wrote:

 +Release Issues
 +==
 +
 +While we did the utmost to get a release out, there are certain
 +fixes which were not complete on time. As such please reference this
 +section if you are running into trouble.
 +
 +* systemd not working with Fedora Core 20, 21 or later (systemctl
 +  reports xenstore failing to start).
 +
 +  Systemd support is now part of Xen source code. While utmost work has
 +  been done to make the systemd files compatible across all the
 +  distributions, there might issues when using systemd files from
 +  Xen sources. The work-around is to define an mount entry in
 +  /etc/fstab as follow:
 +
 +  tmpfs   /var/lib/xenstored  tmpfs
 +  mode=755,context=system_u:object_r:xenstored_var_lib_t:s0 0 0
 +
 +
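Review bot: the added bullet never uses the word SELinux, although the workaround it gives is an SELinux `context=` mount option, so a reader cannot tell from the heading whether the entry applies to their system. Name SELinux in the bullet. In the same paragraph, "there might issues" is missing "be", and "an mount entry ... as follow" should read "a mount entry ... as follows".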

Shouldn't this go into a new SELinux section in the INSTALL file?

It's my understanding that the reported SELinux failure is not only
related to the context= mount option, but also to the socket passing
from systemd.


Olaf

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
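
The fstab workaround quoted in the message above can be checked mechanically; the following is an added example, not part of the thread or of the Xen tree. The function name `check_xenstored_fstab`, its return codes and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Xen tree): check an fstab-format file for the
# /var/lib/xenstored workaround entry discussed in this thread.
# The function name and return codes are hypothetical.

MNT=/var/lib/xenstored
WANT_CTX='context=system_u:object_r:xenstored_var_lib_t:s0'

# check_xenstored_fstab FILE
#   0  entry present, tmpfs, with the expected context= option
#   1  no entry for $MNT
#   2  entry has fewer than four fields (e.g. wrapped onto two lines)
#   3  entry is not a tmpfs mount
#   4  context= option missing or different
check_xenstored_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        [ "$mnt" = "$MNT" ] || continue
        if [ -z "$fstype" ] || [ -z "$opts" ]; then
            return 2
        fi
        [ "$fstype" = tmpfs ] || return 3
        case ",$opts," in
            *",$WANT_CTX,"*) return 0 ;;  # match a whole comma-separated option
            *) return 4 ;;
        esac
    done < "$1"
    return 1
}

# Constructed sample input: the entry on one line, and the same entry
# wrapped onto two lines as it appears in the quoted README text.
sample_dir=$(mktemp -d)
printf '%s\n' "tmpfs $MNT tmpfs mode=755,$WANT_CTX 0 0" > "$sample_dir/one-line"
printf '%s\n' "tmpfs $MNT tmpfs" "mode=755,$WANT_CTX 0 0" > "$sample_dir/wrapped"

for f in one-line wrapped; do
    rc=0
    check_xenstored_fstab "$sample_dir/$f" || rc=$?
    echo "$f: rc=$rc"
done
```
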


Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2015-01-07 Thread Konrad Rzeszutek Wilk
On Wed, Jan 07, 2015 at 10:53:06AM +0100, Olaf Hering wrote:
 On Mon, Jan 05, Konrad Rzeszutek Wilk wrote:
 
  +Release Issues
  +==
  +
  +While we did the utmost to get a release out, there are certain
  +fixes which were not complete on time. As such please reference this
  +section if you are running into trouble.
  +
  +* systemd not working with Fedora Core 20, 21 or later (systemctl
  +  reports xenstore failing to start).
  +
  +  Systemd support is now part of Xen source code. While utmost work has
  +  been done to make the systemd files compatible across all the
  +  distributions, there might issues when using systemd files from
  +  Xen sources. The work-around is to define an mount entry in
  +  /etc/fstab as follow:
  +
  +  tmpfs   /var/lib/xenstored  tmpfs
  +  mode=755,context=system_u:object_r:xenstored_var_lib_t:s0 0 0
  +
  +
 
 Shouldn't this go into a new SELinux section in the INSTALL file?

It is going in the web-page for 'Release Issues' and such.
 
 It's my understanding that the reported SELinux failure is not only
 related to the context= mount option, but also to the socket passing
 from systemd.


I couldn't spot any errors in SELinux for this. Perhaps I had misconfigured?
 
 
 Olaf



Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2015-01-07 Thread Olaf Hering
On Wed, Jan 07, Konrad Rzeszutek Wilk wrote:

 On Wed, Jan 07, 2015 at 10:53:06AM +0100, Olaf Hering wrote:
  It's my understanding that the reported SELinux failure is not only
  related to the context= mount option, but also to the socket passing
  from systemd.
 
 I couldn't spot any errors in SELinux for this. Perhaps I had misconfigured?

Last year you said xenstored did not start, even with patch #1 applied.
I don't know if you added the required fstab changes. So if current
staging works fine with SELinux enabled we could go with this change for
the service file, instead of the wrapper:

ExecStart=/usr/bin/env $XENSTORED --no-fork $XENSTORED_ARGS


Does that work for you? If yes, let's get rid of the XENSTORED_TRACE=
boolean and use a new XENSTORED_ARGS= variable instead. That would make
patch #7 a lot simpler.

Olaf



Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2015-01-06 Thread Ian Jackson
Konrad Rzeszutek Wilk writes (Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: 
systemd changes for 4.5):
 #4 (tools/hotplug: use xencommons as EnvironmentFile in xenconsoled.service)
 #5 (tools/hotplug: use XENCONSOLED_TRACE in xenconsoled.service)
 #6 (tools/hotplug: remove EnvironmentFile from 
 xen-qemu-dom0-disk-backend.service)
 
 need Acks. 

Done.

 For patch #1 (tools/hotplug: remove SELinux options from 
 var-lib-xenstored.mount)
 
 Release-Acked-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
 Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
 
 with the below change to README file. It also needs an Ack.

Done.

 For patch #7 ( tools/hotplug: add wrapper to start xenstored)
 
 Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
 However there is a question in there for Ian:
 
 The place of the wrapper is currently LIBEXEC_BIN, it has to be
 decided what the final location is supposed to be. IanJ wants it in
 /etc.
 
 
 IanJ - any specific reasons for having it in /etc instead of
 LIBEXEC_BIN? This is in regards to the introduction of this file:

I explained this in my previous response and made what I thought was
an unequivocal declaration about the location of the file.

 Such as this might be good (Or perhaps move it to the INSTALL file)
...
 --- a/README
 +++ b/README
...
 +Release Issues
 +==

I'm happy to have this particular issue here in the README.

But I think the release notes need to be out of tree.  This is so that
if we discover an issue between last commit deadline and release, we
can update the release notes.

Thanks,
Ian.



Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2015-01-06 Thread Konrad Rzeszutek Wilk
On Tue, Jan 06, 2015 at 03:00:16PM +, Ian Jackson wrote:
 Konrad Rzeszutek Wilk writes (Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: 
 systemd changes for 4.5):
  #4 (tools/hotplug: use xencommons as EnvironmentFile in 
  xenconsoled.service)
  #5 (tools/hotplug: use XENCONSOLED_TRACE in xenconsoled.service)
  #6 (tools/hotplug: remove EnvironmentFile from 
  xen-qemu-dom0-disk-backend.service)
  
  need Acks. 
 
 Done.

Thank you. Let me apply #1-#6 in staging then.
 
  For patch #1 (tools/hotplug: remove SELinux options from 
  var-lib-xenstored.mount)
  
  Release-Acked-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
  Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
  
  with the below change to README file. It also needs an Ack.
 
 Done.
 
  For patch #7 ( tools/hotplug: add wrapper to start xenstored)
  
  Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
  However there is a question in there for Ian:
  
  The place of the wrapper is currently LIBEXEC_BIN, it has to be
  decided what the final location is supposed to be. IanJ wants it in
  /etc.
  
  
  IanJ - any specific reasons for having it in /etc instead of
  LIBEXEC_BIN? This is in regards to the introduction of this file:
 
 I explained this in my previous response and made what I thought was
 an unequivocal declaration about the location of the file.
 
  Such as this might be good (Or perhaps move it to the INSTALL file)
 ...
  --- a/README
  +++ b/README
 ...
  +Release Issues
  +==
 
 I'm happy to have this particular issue here in the README.
 
 But I think the release notes need to be out of tree.  This is so that
 if we discover an issue between last commit deadline and release, we
 can update the release notes.

nods Will create one on the Wiki and add it there.
 
 Thanks,
 Ian.



Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2015-01-05 Thread Konrad Rzeszutek Wilk
On Wed, Dec 31, 2014 at 10:31:06AM -0500, Konrad Rzeszutek Wilk wrote:
 On Mon, Dec 22, 2014 at 09:06:40AM +0100, Olaf Hering wrote:
  On Fri, Dec 19, Konrad Rzeszutek Wilk wrote:
  
   On Fri, Dec 19, 2014 at 12:25:26PM +0100, Olaf Hering wrote:
This is a resend of these two series:
http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00858.html
http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00669.html

New in v3 is a wrapper to run xenstored. See its patch description
for details.

Patch 2-6 should be applied for 4.5.0.

IanJ, Wei, IanC, please read below.

Patch #2-#6:

Release-Acked-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com

#2,#3 has an Ack

#4 (tools/hotplug: use xencommons as EnvironmentFile in xenconsoled.service)
#5 (tools/hotplug: use XENCONSOLED_TRACE in xenconsoled.service)
#6 (tools/hotplug: remove EnvironmentFile from 
xen-qemu-dom0-disk-backend.service)

need Acks. 


The first and the last one still has issues with xenstored and
SELinux. See below.  Up to now no solution is known to me.


The first patch fixes Arch Linux and does not break anything.  As such
it should be safe to be applied for 4.5.0.  SELinux users (who build
from source) should put their special mount options into fstab. Distro

For patch #1 (tools/hotplug: remove SELinux options from 
var-lib-xenstored.mount)

Release-Acked-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com

with the below change to README file. It also needs an Ack.

For patch #7 ( tools/hotplug: add wrapper to start xenstored)

Tested-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
However there is a question in there for Ian:

The place of the wrapper is currently LIBEXEC_BIN, it has to be
decided what the final location is supposed to be. IanJ wants it in
/etc.


IanJ - any specific reasons for having it in /etc instead of
LIBEXEC_BIN? This is in regards to the introduction of this file:

diff --git a/tools/hotplug/Linux/xenstored.sh.in 
b/tools/hotplug/Linux/xenstored.sh.in
new file mode 100644
index 000..dc806ee
--- /dev/null
+++ b/tools/hotplug/Linux/xenstored.sh.in
@@ -0,0 +1,6 @@
+#!/bin/sh
+if test -n $XENSTORED_TRACE
+then
+   XENSTORED_ARGS= -T /var/log/xen/xenstored-trace.log
+fi
+exec $XENSTORED $@ $XENSTORED_ARGS
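Review bot: as the lines read here, `test -n $XENSTORED_TRACE` is unquoted, so with the variable empty or unset it collapses to `test -n`, which is true, and tracing is enabled unconditionally; write `test -n "$XENSTORED_TRACE"`. The assignment on the fourth line has a space after `=` and an unquoted value, which the shell parses as running `-T` with an empty XENSTORED_ARGS in its environment, and even when quoted it would discard any XENSTORED_ARGS the caller already set, so quote the value and append to the existing variable. On the last line `$@` should be `"$@"` so that arguments containing whitespace are passed through intact.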


   
   Could you elaborate what that is? As in what is that 'special mount 
   options'?
  
  The context= mount option, about which we argue since a few weeks?
 
 You said 'special mount options into fstab' ? Is that the same as 'context='??
 (checks the manpage) AHA, it is!
 
 
 In which case would it just to say that this needs to be added as
 a workaround:
 
 xenstored /var/lib/xenstored xenstored 
 context=system_u:object_r:xenstored_var_lib_t:s0 1 1

To be exact:

tmpfs   /var/lib/xenstored  tmpfs   
mode=755,context=system_u:object_r:xenstored_var_lib_t:s0 0 0

 
  See patch #1.
  
packages will most likely include a proper .service file.


The last patch addresses the XENSTORED_TRACE issue. But SELinux will
most likely still not work.

Possible ways to handle launching xenstored and SELinux:

- do nothing
  pro: - no Xen source changes required
  con: - possible unhappy users who build from source and still have
 SELinux enabled
   
   At this stage I prefer this and just have in the release notes the
   work-around documented.
  
  Which workaround is that? No SELinux on Fedora?
 
 That is not an option.
 
 The workaround is to document what the 'context' is .. or whatever
 else is needed to make this work.

Such as this might be good (Or perhaps move it to the INSTALL file)

diff --git a/README b/README
index 412607a..7d74214 100644
--- a/README
+++ b/README
@@ -33,6 +33,26 @@ This file contains some quick-start instructions to install 
Xen on
 your system. For more information see http:/www.xen.org/ and
 http://wiki.xen.org/
 
+Release Issues
+==
+
+While we did the utmost to get a release out, there are certain
+fixes which were not complete on time. As such please reference this
+section if you are running into trouble.
+
+* systemd not working with Fedora Core 20, 21 or later (systemctl
+  reports xenstore failing to start).
+
+  Systemd support is now part of Xen source code. While utmost work has
+  been done to make the systemd files compatible across all the
+  distributions, there might issues when using systemd files from
+  Xen sources. The work-around is to define an mount entry in
+  /etc/fstab as follow:
+
+  tmpfs   /var/lib/xenstored  tmpfs
+  mode=755,context=system_u:object_r:xenstored_var_lib_t:s0 0 0
+
+
 Quick-Start Guide
 =
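Review bot: the fstab entry is added as two `+` lines, with the mount options and the dump/pass fields on the second one; an fstab entry has to sit on a single line, so a reader who copies the text verbatim gets a tmpfs entry with no options followed by a malformed line. Put all six fields on one `+` line, or say explicitly that the two lines must be joined.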
 
 
  
  

Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2014-12-31 Thread Konrad Rzeszutek Wilk
On Mon, Dec 22, 2014 at 09:06:40AM +0100, Olaf Hering wrote:
 On Fri, Dec 19, Konrad Rzeszutek Wilk wrote:
 
  On Fri, Dec 19, 2014 at 12:25:26PM +0100, Olaf Hering wrote:
   This is a resend of these two series:
   http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00858.html
   http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00669.html
   
   New in v3 is a wrapper to run xenstored. See its patch description
   for details.
   
   Patch 2-6 should be applied for 4.5.0.
   
   The first and the last one still has issues with xenstored and
   SELinux. See below.  Up to now no solution is known to me.
   
   
   The first patch fixes Arch Linux and does not break anything.  As such
   it should be safe to be applied for 4.5.0.  SELinux users (who build
   from source) should put their special mount options into fstab. Distro
  
  Could you elaborate what that is? As in what is that 'special mount 
  options'?
 
 The context= mount option, about which we argue since a few weeks?

You said 'special mount options into fstab' ? Is that the same as 'context='??
(checks the manpage) AHA, it is!


In which case would it just to say that this needs to be added as
a workaround:

xenstored /var/lib/xenstored xenstored 
context=system_u:object_r:xenstored_var_lib_t:s0 1 1

 See patch #1.
 
   packages will most likely include a proper .service file.
   
   
   The last patch addresses the XENSTORED_TRACE issue. But SELinux will
   most likely still not work.
   
   Possible ways to handle launching xenstored and SELinux:
   
   - do nothing
 pro: - no Xen source changes required
 con: - possible unhappy users who build from source and still have
SELinux enabled
  
  At this stage I prefer this and just have in the release notes the
  work-around documented.
 
 Which workaround is that? No SELinux on Fedora?

That is not an option.

The workaround is to document what the 'context' is .. or whatever
else is needed to make this work.

 
 Olaf



Re: [Xen-devel] [PATCH 0/7 v3] tools/hotplug: systemd changes for 4.5

2014-12-19 Thread Konrad Rzeszutek Wilk
On Fri, Dec 19, 2014 at 12:25:26PM +0100, Olaf Hering wrote:
 This is a resend of these two series:
 http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00858.html
 http://lists.xenproject.org/archives/html/xen-devel/2014-12/msg00669.html
 
 New in v3 is a wrapper to run xenstored. See its patch description
 for details.
 
 Patch 2-6 should be applied for 4.5.0.
 
 The first and the last one still has issues with xenstored and
 SELinux. See below.  Up to now no solution is known to me.
 
 
 The first patch fixes Arch Linux and does not break anything.  As such
 it should be safe to be applied for 4.5.0.  SELinux users (who build
 from source) should put their special mount options into fstab. Distro

Could you elaborate what that is? As in what is that 'special mount options'?

 packages will most likely include a proper .service file.
 
 
 The last patch addresses the XENSTORED_TRACE issue. But SELinux will
 most likely still not work.
 
 Possible ways to handle launching xenstored and SELinux:
 
 - do nothing
   pro: - no Xen source changes required
   con: - possible unhappy users who build from source and still have
  SELinux enabled

At this stage I prefer this and just have in the release notes the
work-around documented.
 
 - use newly added wrapper
   pro: - XENSTORED_TRACE boolean is handled
   con: - the wrapper may have the very same issue as the current
  launching with sh -c 'exec xenstored'. But maybe there is a
way to mark the new wrapper script as this is the native
xenstored. Someone familiar with SELinux may be able to
answer this.
 
 - Use ExecStart=@XENSTORED@
   pro: - socket passing will most likely work
   con: - All options have to be passed in XENSTORED_ARGS, a new variable
  which is not yet mentioned in the sysconfig file.
- Switching xenstored requires a private copy of
xenstored.service in /etc/systemd instead of adjusting the
XENSTORED= variable in the sysconfig file.
 
 - Use ExecStart=/usr/bin/env $XENSTORED
   pro: - $XENSTORED can be set in sysconfig file
   con: - may have the same socket issue as starting via shell
- XENSTORED_TRACE boolean is not handled
 
 
 I will be offline until 2015-01-07, so any further adjustments to this
 series has to be done by someone else.
 
 
 Good luck!
 
 Olaf
 
 
 Olaf Hering (7):
   tools/hotplug: remove SELinux options from var-lib-xenstored.mount
   tools/hotplug: remove XENSTORED_ROOTDIR from xenstored.service
   tools/hotplug: xendomains.service depends on network
   tools/hotplug: use xencommons as EnvironmentFile in
 xenconsoled.service
   tools/hotplug: use XENCONSOLED_TRACE in xenconsoled.service
   tools/hotplug: remove EnvironmentFile from
 xen-qemu-dom0-disk-backend.service
   tools/hotplug: add wrapper to start xenstored
 
  .gitignore| 1 +
  tools/configure   | 3 ++-
  tools/configure.ac| 1 +
  tools/hotplug/Linux/Makefile  | 2 ++
  tools/hotplug/Linux/init.d/xencommons.in  | 6 --
  tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in| 4 +---
  tools/hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service.in | 1 -
  tools/hotplug/Linux/systemd/xenconsoled.service.in| 6 +++---
  tools/hotplug/Linux/systemd/xendomains.service.in | 2 ++
  tools/hotplug/Linux/systemd/xenstored.service.in  | 6 ++
  tools/hotplug/Linux/xenstored.sh.in   | 6 ++
  11 files changed, 24 insertions(+), 14 deletions(-)
  create mode 100644 tools/hotplug/Linux/xenstored.sh.in
 
