[Pkg-xen-devel] Bug#597403: Bug#597403: xen-utils-common: need to run restorecon in /etc/init.d/xend on SE Linux systems
Russell Coker
russell at coker.com.au
Sun Sep 19 13:40:37 UTC 2010
On Sun, 19 Sep 2010, Bastian Blank <waldi at debian.org> wrote:
> On Sun, Sep 19, 2010 at 10:45:06PM +1000, Russell Coker wrote:
> > The reason is that the module load causes the kernel to create device
> > nodes in the devtmpfs. This bypasses the udev code for labelling the
> > device node and results in xenstored being unable to access
> > /dev/xen/evtchn and therefore not working.
>
> No, it does not. The code to create devices in libxc was removed.

What is libxc?

The kernel creates the device node /dev/xen/evtchn; the creation process
bypasses even the kernel auditing layer because it's in the kernel.

http://marc.info/?t=128295019200002&r=1&w=2

The above URL has a link to some of the discussion of this issue by Red Hat
people. They are working on a nicer solution, but we can't do that for
Squeeze.

> > But for Squeeze it would be good if this could get included. It's one
> > line of shell code that results in nothing being done if policycoreutils
> > is not installed. I can't imagine any way that such a change could
> > break anything.
>
> You want to change an undefined number of packages?

I want to change every package that has a confined daemon which has a startup
script that loads a kernel module which creates a devtmpfs node rather than
just allowing udev to do it.

I don't think that will be many packages.