Your message dated Sun, 24 Jun 2012 10:11:51 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-xen-devel] Bug#678719: xen-utils-common: please label
all created directories for SE Linux
has caused the Debian Bug report #678719,
regarding xen-utils-common: please label all created directories for SE Linux
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
678719: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678719
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xen-utils-common
Version: 4.1.3~rc1+hg-20120614.a9c0a89c08f2-2
Severity: important
Please modify the init scripts in a manner similar to the following to give
the correct SE Linux labels. Failing to correctly label them may result in
Xen not working correctly when SE Linux is enabled.
--- /etc/init.d/xen.orig 2012-06-24 10:29:04.000000000 +1000
+++ /etc/init.d/xen 2012-06-24 10:29:54.000000000 +1000
@@ -182,6 +182,7 @@
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec
"$XENSTORED" --test > /dev/null \
|| return 1
[ -d "$XENSTORED_DIR" ] || mkdir -p "$XENSTORED_DIR"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$XENSTORED_DIR"
export XENSTORED_ROOTDIR="$XENSTORED_DIR"
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec
"$XENSTORED" -- \
$XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE" \
--- /etc/init.d/xendomains.orig 2012-06-24 10:29:08.000000000 +1000
+++ /etc/init.d/xendomains 2012-06-24 10:30:05.000000000 +1000
@@ -152,6 +152,7 @@
{
[ -n "$XENDOMAINS_SAVE" ] || return
[ -d "$XENDOMAINS_SAVE" ] || mkdir -m 0700 -p "$XENDOMAINS_SAVE"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$XENDOMAINS_SAVE"
while read id name rest; do
log_action_begin_msg "Saving Xen domain $name ($id)"
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages xen-utils-common depends on:
ii gawk 1:4.0.1+dfsg-2
ii lsb-base 4.1+Debian7
ii python 2.7.3~rc2-1
ii ucf 3.0025+nmu3
ii udev 175-3.1
ii xenstore-utils 4.1.3~rc1+hg-20120614.a9c0a89c08f2-2
xen-utils-common recommends no packages.
xen-utils-common suggests no packages.
-- Configuration Files:
/etc/init.d/xen changed:
. /lib/init/vars.sh
. /lib/lsb/init-functions
XENSTORED_DIR="/var/run/xenstored"
[ -r /etc/default/xen ] && . /etc/default/xen
[ -r /etc/default/xend ] && . /etc/default/xend
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Xen daemons"
ROOT=$(/usr/lib/xen-common/bin/xen-dir 2>/dev/null)
if [ $? -ne 0 ]; then
log_warning_msg "Not running within Xen or no compatible utils"
exit 0
fi
TOOLSTACK=$(/usr/lib/xen-common/bin/xen-toolstack 2>/dev/null)
if [ $? -ne 0 ]; then
log_warning_msg "No usable Xen toolstack selected"
exit 0
fi
[ -e "$ROOT"/bin/xend ] && XEND="$ROOT"/bin/xend
XENCONSOLED="$ROOT"/bin/xenconsoled
XENCONSOLED_PIDFILE="/var/run/xenconsoled.pid"
XENSTORED="$ROOT"/bin/xenstored
XENSTORED_PIDFILE="/var/run/xenstore.pid"
modules_setup()
{
modprobe xenfs 2>/dev/null
modprobe xen-evtchn 2>/dev/null
modprobe xen-gntdev 2>/dev/null
}
xenfs_setup()
{
[ -e "/proc/xen/capabilities" ] && return 0
log_progress_msg "xenfs"
[ -d "/proc/xen" ] || return 1
mount -t xenfs xenfs /proc/xen || return 1
return 0
}
capability_check()
{
[ -e "/proc/xen/capabilities" ] || return 1
grep -q "control_d" /proc/xen/capabilities || return 1
return 0
}
xend_start()
{
if [ -z "$XEND" ] || [ "$(basename "$TOOLSTACK")" != xm ]; then
return 0
fi
log_progress_msg "xend"
xend_start_real
return $?
}
xend_stop()
{
if [ -z "$XEND" ] || [ "$(basename "$TOOLSTACK")" != xm ]; then
return 0
fi
log_progress_msg "xend"
xend_stop_real
return $?
}
xend_restart()
{
if [ -z "$XEND" ] || [ "$(basename "$TOOLSTACK")" != xm ]; then
return 0
fi
log_progress_msg "xend"
xend_stop_real
case "$?" in
0|1)
xend_start_real
case "$?" in
0) ;;
*) return 2 ;;
esac
;;
*) return 2 ;;
esac
return 0
}
xend_start_real()
{
$XEND status && return 1
$XEND start || return 2
i=0
while [ $i -lt 10 ]; do
$XEND status && return 0 || true
i=$(($i + 1))
sleep 1
done
return 2
}
xend_stop_real()
{
log_progress_msg "xend"
$XEND status || return 0
$XEND stop || return 1
}
xenconsoled_start()
{
log_progress_msg "xenconsoled"
xenconsoled_start_real
return $?
}
xenconsoled_stop()
{
log_progress_msg "xenconsoled"
xenconsoled_stop_real
return $?
}
xenconsoled_restart()
{
log_progress_msg "xenconsoled"
xenconsoled_stop_real
case "$?" in
0|1)
xenconsoled_start_real
case "$?" in
0) ;;
*) return 2 ;;
esac
;;
*) return 2 ;;
esac
return 0
}
xenconsoled_start_real()
{
start-stop-daemon --start --quiet --pidfile "$XENCONSOLED_PIDFILE"
--exec "$XENCONSOLED" --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile "$XENCONSOLED_PIDFILE"
--exec "$XENCONSOLED" -- \
$XENCONSOLED_ARGS --pid-file="$XENCONSOLED_PIDFILE" \
|| return 2
}
xenconsoled_stop_real()
{
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
"$XENCONSOLED_PIDFILE" --name xenconsoled
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec
"$XENCONSOLED"
[ "$?" = 2 ] && return 2
rm -f $PIDFILE
return "$RETVAL"
}
xenstored_start()
{
log_progress_msg "xenstored"
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec
"$XENSTORED" --test > /dev/null \
|| return 1
[ -d "$XENSTORED_DIR" ] || mkdir -p "$XENSTORED_DIR"
[ -x /sbin/restorecon ] && /sbin/restorecon "$XENSTORED_DIR"
export XENSTORED_ROOTDIR="$XENSTORED_DIR"
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec
"$XENSTORED" -- \
$XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE" \
|| return 2
xenstore-write "/local/domain/0/name" "Domain-0"
}
case "$1" in
start)
log_daemon_msg "Starting $DESC"
modules_setup
xenfs_setup
case "$?" in
0) ;;
*) log_end_msg 1; exit ;;
esac
capability_check
case "$?" in
0) ;;
*) log_end_msg 255; exit ;;
esac
xenstored_start
case "$?" in
0|1) ;;
*) log_end_msg 1; exit ;;
esac
xenconsoled_start
case "$?" in
0|1) ;;
*) log_end_msg 1; exit ;;
esac
xend_start
case "$?" in
0|1) ;;
*) log_end_msg 1; exit ;;
esac
log_end_msg 0
;;
stop)
capability_check
case "$?" in
0) ;;
*) exit ;;
esac
log_daemon_msg "Stopping $DESC"
ret=0
xend_stop
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
xenconsoled_stop
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
log_end_msg $ret
;;
restart|force-reload)
capability_check
case "$?" in
0) ;;
*) exit ;;
esac
log_daemon_msg "Restarting $DESC"
ret=0
xend_restart
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
xenconsoled_restart
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
log_end_msg $ret
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload}" >&2
exit 3
;;
esac
exit 0
/etc/init.d/xendomains changed:
. /lib/init/vars.sh
. /lib/lsb/init-functions
xen list &> /dev/null
if test $? -ne 0
then
exit 0;
fi
if ! [ -e /proc/xen/privcmd ]; then
exit 0
fi
[ -r /etc/default/xendomains ] && . /etc/default/xendomains
shopt -s nullglob
check_config_name()
{
xen create --quiet --dryrun --defconfig "$1" | sed -n 's/^.*(name
\(.*\))$/\1/p'
}
check_running()
{
xen domid "$1" > /dev/null 2>&1
return $?
}
timeout_coproc()
{
TIMEOUT="$1"
for no in $(seq 0 $TIMEOUT); do
if [ -z "$COPROC_PID" ]; then return 0; fi
sleep 1
log_action_cont_msg
done
kill -INT "$COPROC_PID" >/dev/null 2>&1
wait $COPROC_PID
return 1
}
timeout_domain()
{
name="$1"
TIMEOUT="$2"
for no in $(seq 0 $TIMEOUT); do
if ! check_running "$name"; then return 0; fi
sleep 1
log_action_cont_msg
done
return 1
}
do_start_restore()
{
[ -n "$XENDOMAINS_SAVE" ] || return
[ -d "$XENDOMAINS_SAVE" ] || return
[ -n "$XENDOMAINS_RESTORE" ] || return
for file in $XENDOMAINS_SAVE/*; do
if [ -f $file ] ; then
name="${file##*/}"
log_action_begin_msg "Restoring Xen domain $name (from $file)"
out=$(xen restore "$file" 2>&1 1>/dev/null)
case "$?" in
0)
rm "$file"
domains[$name]='started'
log_action_end_msg 0
;;
*)
domains[$name]='failed'
log_action_end_msg 1
echo "$out"
;;
esac
fi
done
}
do_start_auto()
{
[ -n "$XENDOMAINS_AUTO" ] || return
[ -d "$XENDOMAINS_AUTO" ] || return
for file in $XENDOMAINS_AUTO/*; do
name="$(check_config_name $file)"
if [ "${domains[$name]}" = started ]; then
:
elif check_running "$name"; then
log_action_msg "Xen domain $name already running"
else
log_action_begin_msg "Starting Xen domain $name (from $file)"
if [ "${domains[$name]}" = failed ]; then
log_action_end_msg 1 "restore failed"
else
out=$(xen create --quiet --defconfig "$file" 2>&1 1>/dev/null)
case "$?" in
0)
log_action_end_msg 0
;;
*)
log_action_end_msg 1
echo "$out"
;;
esac
fi
fi
done
}
do_start()
{
declare -A domains
do_start_restore
do_start_auto
}
do_stop_migrate()
{
[ -n "$XENDOMAINS_MIGRATE" ] || return
while read id name rest; do
log_action_begin_msg "Migrating Xen domain $name ($id)"
coproc xen migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null
timeout_coproc "$XENDOMAINS_STOP_MAXWAIT"
log_action_end_msg $?
done < <(/usr/lib/xen-common/bin/xen-init-list)
}
do_stop_save()
{
[ -n "$XENDOMAINS_SAVE" ] || return
[ -d "$XENDOMAINS_SAVE" ] || mkdir -m 0700 -p "$XENDOMAINS_SAVE"
[ -x /sbin/restorecon ] && /sbin/restorecon "$XENDOMAINS_SAVE"
while read id name rest; do
log_action_begin_msg "Saving Xen domain $name ($id)"
coproc xen save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null
timeout_coproc "$XENDOMAINS_STOP_MAXWAIT"
log_action_end_msg $?
done < <(/usr/lib/xen-common/bin/xen-init-list)
}
do_stop_shutdown()
{
while read id name rest; do
log_action_begin_msg "Shutting down Xen domain $name ($id)"
xen shutdown $id 2>&1 1>/dev/null
timeout_domain "$name" "$XENDOMAINS_STOP_MAXWAIT"
log_action_end_msg $?
done < <(/usr/lib/xen-common/bin/xen-init-list)
}
do_stop()
{
do_stop_migrate
do_stop_save
do_stop_shutdown
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
restart)
do_stop
do_start
;;
reload|force-reload)
do_stop
do_start
;;
*)
echo "Usage: $0 {start|stop|restart|reload|force-reload}"
exit 3
;;
esac
exit 0
-- debconf-show failed
--- End Message ---
--- Begin Message ---
On Sun, Jun 24, 2012 at 10:33:23AM +1000, Russell Coker wrote:
> Please modify the init scripts in a manner similar to the following to give
> the correct SE Linux labels. Failing to correctly label them may result in
> Xen not working correctly when SE Linux is enabled.
Please document this in the Debian policy.
Bastian
--
Ahead warp factor one, Mr. Sulu.
--- End Message ---
