On Fri, 12 Dec 2014, Ian Campbell wrote:
On Fri, 2014-12-12 at 12:37 +0100, Olaf Hering wrote:
On Fri, Dec 12, Ian Campbell wrote:
Seems ok. I wonder if the wrapper ought to source
@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons to obtain XENSTORED_* itself
rather than relying on the initscript and unit file to do so. Especially
in the initscript case it looks a bit ugly to have to manually propagate
things.
It seems all that wrapping is of no use because SELinux can not deal
with it.
I suppose you mean "the current SELinux policies". Surely SELinux in
general can cope with execing things...
I suspect it is more how systemd implements selinux. xenstored does get
the right permissions eventually, but too late to connect to the sockets.
Michael Young
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel