Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread George Dunlap 
On Mon, Sep 14, 2015 at 7:33 PM, Olaf Hering  wrote:
> On Mon, Sep 14, George Dunlap wrote:
>
>> Well if you "know nothing about SELinux", and you don't use it, and
>> don't have any test systems that use it, then why did you assert
>> "The proper place to specify [an SELinux mount context] is /etc/fstab"?
>>  This patchset was accepted because you represented it as the "right"
>> way of doing things.
>
> Because at that time the way SELinux was handled failed on systems which
> had SELinux disabled, or which did not recognize the option.
> And I still think that mount options have to go into fstab.

It's very reasonable for you to expect it to be fixed on non-SELinux
systems.  But what you did is fix it for non-SELinux systems by simply
breaking it on SELinux systems -- that's not at all reasonable.

And I'm not really familiar enough with the standards around fstab and
whatever to have a strong opinion on the "right" way to do things; but
"fiddle with fstab and pray that the added lines fit the system
policies" is definitely not my idea of the Right Way to do things.

In any case, it looks like adding manual mount options isn't actually
the Right Way to do fix things for SELinux, no matter where you put
them -- it requires your mount options to be kept in sync with the
global SELinux policy, which is more fragile.  The way most other
tmpfs things get dealt with, as I said, is running "restorecon", which
updates labels from the master SELinux policy.

 -George

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread George Dunlap 
On 09/15/2015 04:12 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Sep 15, 2015 at 03:01:31PM +0100, George Dunlap wrote:
>> On 09/15/2015 02:58 PM, Konrad Rzeszutek Wilk wrote:
>>> On Tue, Sep 15, 2015 at 01:55:15PM +0100, George Dunlap wrote:
 On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering  wrote:
> On Tue, Sep 15, George Dunlap wrote:
>
>> It's very reasonable for you to expect it to be fixed on non-SELinux
>> systems.  But what you did is fix it for non-SELinux systems by simply
>> breaking it on SELinux systems -- that's not at all reasonable.
>
> Konrad did some testing at that time and said 4.5 was ok.
> Why is 4.6 broken now?

 OK -- I see that he committed it, but I didn't see him say that he had
 tested this particular patch.  It would be interesting to find out why
 it worked for him.
>>>
>>> It just worked out of the box when I installed an source build of the Xen
>>> on a virgin Fedora box.
>>>
>>> I am not sure how it worked if SELinux ended up being disabled!
>>
>> So how did you install Xen?  "make install"?  Or did you do "make rpmball"?
> 
> ./configure --enable-systemd --prefix=/usr 
> 
> make -j31556
> make install
> 
> cat README | grep systemctl
> [paste all of those in the command line]
> 
> grub2-mkconfig -o /boot/grub/grub2.cfg
> 
> reboot

Right -- so you never did "restorecon" or "fixfiles -f relabel" or
"touch /.autorelabel" or anything explicitly to give the installed
binares their selinux labels?

In which case I'm *guessing* that you never actually set up selinux for
the Xen binares, and the reason it worked for you was that you weren't
actualling using the selinux rules.

>> Is it possible that /usr/sbin/xenstored never got the default selinux
>> label, and so never had any issues from the fact that /var/lib/xenstored
>> also didn't have the proper label?
> 
> 
> I think you are asking me to try this once more and seeing if
> I see the error you think I should be seeing :-)
> 
> I can certainly do that - but not today. Would Friday be OK?

Well, I did think about asking you to try again, but I purposely didn't.
:-)

Since you've offered though, yes, it would be good if you could do
exactly what you did before, and then look at

ls -lZ /usr/sbin/xenstored

And then, perhaps, do "touch /.autorelabel" (assuming that works on
Fedora the way it works on CentOS), reboot, and see what happens (and
what ls -lZ /usr/sbin/xenstored comes up with)?

I won't be working Friday, but I'll be back in Monday.

Thanks,
 -George


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread Konrad Rzeszutek Wilk 
On Tue, Sep 15, 2015 at 03:01:31PM +0100, George Dunlap wrote:
> On 09/15/2015 02:58 PM, Konrad Rzeszutek Wilk wrote:
> > On Tue, Sep 15, 2015 at 01:55:15PM +0100, George Dunlap wrote:
> >> On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering  wrote:
> >>> On Tue, Sep 15, George Dunlap wrote:
> >>>
>  It's very reasonable for you to expect it to be fixed on non-SELinux
>  systems.  But what you did is fix it for non-SELinux systems by simply
>  breaking it on SELinux systems -- that's not at all reasonable.
> >>>
> >>> Konrad did some testing at that time and said 4.5 was ok.
> >>> Why is 4.6 broken now?
> >>
> >> OK -- I see that he committed it, but I didn't see him say that he had
> >> tested this particular patch.  It would be interesting to find out why
> >> it worked for him.
> > 
> > It just worked out of the box when I installed an source build of the Xen
> > on a virgin Fedora box.
> > 
> > I am not sure how it worked if SELinux ended up being disabled!
> 
> So how did you install Xen?  "make install"?  Or did you do "make rpmball"?

./configure --enable-systemd --prefix=/usr 

make -j31556
make install

cat README | grep systemctl
[paste all of those in the command line]

grub2-mkconfig -o /boot/grub/grub2.cfg

reboot

> 
> Is it possible that /usr/sbin/xenstored never got the default selinux
> label, and so never had any issues from the fact that /var/lib/xenstored
> also didn't have the proper label?


I think you are asking me to try this once more and seeing if
I see the error you think I should be seeing :-)

I can certainly do that - but not today. Would Friday be OK?

> 
>  -George
> 

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread Konrad Rzeszutek Wilk 
On Tue, Sep 15, 2015 at 02:48:57PM +0200, Olaf Hering wrote:
> On Tue, Sep 15, George Dunlap wrote:
> 
> > It's very reasonable for you to expect it to be fixed on non-SELinux
> > systems.  But what you did is fix it for non-SELinux systems by simply
> > breaking it on SELinux systems -- that's not at all reasonable.
> 
> Konrad did some testing at that time and said 4.5 was ok.

Correct.
> Why is 4.6 broken now?
> 
> Olaf
> 
> ___
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread Konrad Rzeszutek Wilk 
On Tue, Sep 15, 2015 at 01:55:15PM +0100, George Dunlap wrote:
> On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering  wrote:
> > On Tue, Sep 15, George Dunlap wrote:
> >
> >> It's very reasonable for you to expect it to be fixed on non-SELinux
> >> systems.  But what you did is fix it for non-SELinux systems by simply
> >> breaking it on SELinux systems -- that's not at all reasonable.
> >
> > Konrad did some testing at that time and said 4.5 was ok.
> > Why is 4.6 broken now?
> 
> OK -- I see that he committed it, but I didn't see him say that he had
> tested this particular patch.  It would be interesting to find out why
> it worked for him.

It just worked out of the box when I installed an source build of the Xen
on a virgin Fedora box.

I am not sure how it worked if SELinux ended up being disabled!

> 
>  -George

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread George Dunlap 
On 09/15/2015 02:58 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Sep 15, 2015 at 01:55:15PM +0100, George Dunlap wrote:
>> On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering  wrote:
>>> On Tue, Sep 15, George Dunlap wrote:
>>>
 It's very reasonable for you to expect it to be fixed on non-SELinux
 systems.  But what you did is fix it for non-SELinux systems by simply
 breaking it on SELinux systems -- that's not at all reasonable.
>>>
>>> Konrad did some testing at that time and said 4.5 was ok.
>>> Why is 4.6 broken now?
>>
>> OK -- I see that he committed it, but I didn't see him say that he had
>> tested this particular patch.  It would be interesting to find out why
>> it worked for him.
> 
> It just worked out of the box when I installed an source build of the Xen
> on a virgin Fedora box.
> 
> I am not sure how it worked if SELinux ended up being disabled!

So how did you install Xen?  "make install"?  Or did you do "make rpmball"?

Is it possible that /usr/sbin/xenstored never got the default selinux
label, and so never had any issues from the fact that /var/lib/xenstored
also didn't have the proper label?

 -George


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread Olaf Hering 
On Tue, Sep 15, George Dunlap wrote:

> It's very reasonable for you to expect it to be fixed on non-SELinux
> systems.  But what you did is fix it for non-SELinux systems by simply
> breaking it on SELinux systems -- that's not at all reasonable.

Konrad did some testing at that time and said 4.5 was ok.
Why is 4.6 broken now?

Olaf

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-15 Thread George Dunlap 
On Tue, Sep 15, 2015 at 1:48 PM, Olaf Hering  wrote:
> On Tue, Sep 15, George Dunlap wrote:
>
>> It's very reasonable for you to expect it to be fixed on non-SELinux
>> systems.  But what you did is fix it for non-SELinux systems by simply
>> breaking it on SELinux systems -- that's not at all reasonable.
>
> Konrad did some testing at that time and said 4.5 was ok.
> Why is 4.6 broken now?

OK -- I see that he committed it, but I didn't see him say that he had
tested this particular patch.  It would be interesting to find out why
it worked for him.

 -George

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-14 Thread George Dunlap 
On 09/11/2015 07:31 AM, Olaf Hering wrote:
> On Thu, Sep 10, George Dunlap wrote:
> 
>> On Fri, Dec 19, 2014 at 11:25 AM, Olaf Hering  wrote:
>>> Using SELinux mount options per default breaks several systems.
>>> Either the context= mount option is not known at all to the kernel,
>>> as reported for ArchLinux. Or the default value "none" is unknown to
>>> SELinux, as reported for Fedora. In both cases the unit will fail.
>>>
>>> The proper place to specify mount options is /etc/fstab. Appearently
>>> systemd is kind enough to use values from there even if Options= or
>>> What= is specified in a .mount file.
>>
>> For the benefit of someone moonlighting as a CentOS package
>> maintainer, could you tell me how adding such an entry in a package is
>> normally done?  Or alternately, how you would recommend a package
>> maintainer to add the appropriate context?
> 
> George, I know nothing about SELinux.
> I think its either up to a rpm %post install script to fiddle with fstab
> and pray that the added lines fit the system policies. Or its up to the
> documentation team to describe how SELinux is supposed to be configured
> for the third party app "Xen" on CentOS.

Well if you "know nothing about SELinux", and you don't use it, and
don't have any test systems that use it, then why did you assert
"The proper place to specify [an SELinux mount context] is /etc/fstab"?
 This patchset was accepted because you represented it as the "right"
way of doing things.

So poking around CentOS 7, it looks like in most cases, after a tmpfs is
mounted, "restorecon -R $mountpoint" is also run, which restores the
default selinux tags.  Manually starting var-lib-xenstored, then running
restorecon, then manually starting xenstored.service seems to work.  So
at the moment I'm trying to figure out if there's a "right" way to get
restorecon run at the right time  (or alternately, a "right" way to
mount a tmpfs at /var/lib/xenstored such that it happens automatically).

If that doesn't work, then adding a xenstored configuration file that
can contain mount options is probably the best option.

 -George

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-14 Thread Olaf Hering 
On Mon, Sep 14, George Dunlap wrote:

> Well if you "know nothing about SELinux", and you don't use it, and
> don't have any test systems that use it, then why did you assert
> "The proper place to specify [an SELinux mount context] is /etc/fstab"?
>  This patchset was accepted because you represented it as the "right"
> way of doing things.

Because at that time the way SELinux was handled failed on systems which
had SELinux disabled, or which did not recognize the option.
And I still think that mount options have to go into fstab.

Olaf

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-11 Thread Olaf Hering 
On Thu, Sep 10, George Dunlap wrote:

> On Fri, Dec 19, 2014 at 11:25 AM, Olaf Hering  wrote:
> > Using SELinux mount options per default breaks several systems.
> > Either the context= mount option is not known at all to the kernel,
> > as reported for ArchLinux. Or the default value "none" is unknown to
> > SELinux, as reported for Fedora. In both cases the unit will fail.
> >
> > The proper place to specify mount options is /etc/fstab. Appearently
> > systemd is kind enough to use values from there even if Options= or
> > What= is specified in a .mount file.
> 
> For the benefit of someone moonlighting as a CentOS package
> maintainer, could you tell me how adding such an entry in a package is
> normally done?  Or alternately, how you would recommend a package
> maintainer to add the appropriate context?

George, I know nothing about SELinux.
I think its either up to a rpm %post install script to fiddle with fstab
and pray that the added lines fit the system policies. Or its up to the
documentation team to describe how SELinux is supposed to be configured
for the third party app "Xen" on CentOS.

Olaf

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-10 Thread M A Young 
On Thu, 10 Sep 2015, George Dunlap wrote:

> On Fri, Dec 19, 2014 at 11:25 AM, Olaf Hering  wrote:
> > Using SELinux mount options per default breaks several systems.
> > Either the context= mount option is not known at all to the kernel,
> > as reported for ArchLinux. Or the default value "none" is unknown to
> > SELinux, as reported for Fedora. In both cases the unit will fail.
> >
> > The proper place to specify mount options is /etc/fstab. Appearently
> > systemd is kind enough to use values from there even if Options= or
> > What= is specified in a .mount file.
> 
> For the benefit of someone moonlighting as a CentOS package
> maintainer, could you tell me how adding such an entry in a package is
> normally done?  Or alternately, how you would recommend a package
> maintainer to add the appropriate context?

I suspect it is actually easier to put the selinux context back into 
systemd file rather than trying to edit /etc/fstab which could get messy.
If that is what you want to do you could look at 
http://pkgs.fedoraproject.org/cgit/xen.git/tree/xen.fedora.systemd.patch
for ideas on how to do it.

Michael Young

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-09-10 Thread George Dunlap 
On 09/10/2015 03:13 PM, M A Young wrote:
> On Thu, 10 Sep 2015, George Dunlap wrote:
> 
>> On Fri, Dec 19, 2014 at 11:25 AM, Olaf Hering  wrote:
>>> Using SELinux mount options per default breaks several systems.
>>> Either the context= mount option is not known at all to the kernel,
>>> as reported for ArchLinux. Or the default value "none" is unknown to
>>> SELinux, as reported for Fedora. In both cases the unit will fail.
>>>
>>> The proper place to specify mount options is /etc/fstab. Appearently
>>> systemd is kind enough to use values from there even if Options= or
>>> What= is specified in a .mount file.
>>
>> For the benefit of someone moonlighting as a CentOS package
>> maintainer, could you tell me how adding such an entry in a package is
>> normally done?  Or alternately, how you would recommend a package
>> maintainer to add the appropriate context?
> 
> I suspect it is actually easier to put the selinux context back into 
> systemd file rather than trying to edit /etc/fstab which could get messy.
> If that is what you want to do you could look at 
> http://pkgs.fedoraproject.org/cgit/xen.git/tree/xen.fedora.systemd.patch
> for ideas on how to do it.

Right, well manually modifying the upstream source file is not a good
"interface" to provide.  If modifying /etc/fstab is not "the right
solution" for packages, then much better solution would have been to do
what IanC suggested later in this thread, and do something like this
instead:

Options=mode=755,$XENSTORED_MOUNT_OPTIONS

 -George

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-01-07 Thread Olaf Hering 
On Tue, Jan 06, Ian Campbell wrote:

 On Fri, 2014-12-19 at 12:25 +0100, Olaf Hering wrote:

...

 Acked-by: Ian Campbell ian.campb...@citrix.com
 
 (on commit s/Appearently/Apparently/; s/non-existant/non-existent/ in
 the commit log)

I made typos also in other commit messages. Should I resend the entire
series, or will this be done during commit?

Olaf

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-01-07 Thread Konrad Rzeszutek Wilk 
On Wed, Jan 07, 2015 at 09:31:50AM +, Ian Campbell wrote:
 On Wed, 2015-01-07 at 10:23 +0100, Olaf Hering wrote:
  On Tue, Jan 06, Ian Campbell wrote:
  
   On Fri, 2014-12-19 at 12:25 +0100, Olaf Hering wrote:
  
  ...
  
   Acked-by: Ian Campbell ian.campb...@citrix.com
   
   (on commit s/Appearently/Apparently/; s/non-existant/non-existent/ in
   the commit log)
  
  I made typos also in other commit messages. Should I resend the entire
  series, or will this be done during commit?
 
 Looks like Konrad already committed, I don't know if he fixed the typos
 (I suppose it doesn't matter now either way).

I did the changes you pointed our here.
 
 Ian.
 
 

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-01-06 Thread Ian Campbell 
On Fri, 2014-12-19 at 12:25 +0100, Olaf Hering wrote:
 Using SELinux mount options per default breaks several systems.
 Either the context= mount option is not known at all to the kernel,
 as reported for ArchLinux. Or the default value none is unknown to
 SELinux, as reported for Fedora. In both cases the unit will fail.
 
 The proper place to specify mount options is /etc/fstab. Appearently
 systemd is kind enough to use values from there even if Options= or
 What= is specified in a .mount file.
 
 Remove XENSTORED_MOUNT_CTX, the reference to a non-existant
 EnvironmentFile and trim default Options= for the mount point.
 
 The removed code was first mentioned in the patch referenced below,
 with the following description:
 ...
  * Some systems define the selinux context in the systemd Option for
the /var/lib/xenstored tmpfs:
  Options=mode=755,context=system_u:object_r:xenstored_var_lib_t:s0
For the upstream version we remove that and let systems specify
the context on their system /etc/default/xenstored or
/etc/sysconfig/xenstored $XENSTORED_MOUNT_CTX variable
 ...
 It is nowhere stated (on xen-devel) what Some systems means, which
 is unfortunately common practice in nearly all opensource projects.
 http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg02462.html
 
 Signed-off-by: Olaf Hering o...@aepfle.de
 Cc: Ian Jackson ian.jack...@eu.citrix.com
 Cc: Stefano Stabellini stefano.stabell...@eu.citrix.com

Acked-by: Ian Campbell ian.campb...@citrix.com

(on commit s/Appearently/Apparently/; s/non-existant/non-existent/ in
the commit log)

 -Options=mode=755,context=$XENSTORED_MOUNT_CTX
 +Options=mode=755

FWIW an alternative might have been:
  Options=mode=755,$XENSTORED_MOUNT_OPTIONS
where the variable from the EnvironmentFile could contain context= as
necessary (and maybe even mode=... by default).

But if /etc/fstab is the Right Place(tm) then lets go with that for 4.5.

Ian.



___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2015-01-06 Thread Ian Jackson 
Olaf Hering writes ([PATCH 1/7] tools/hotplug: remove SELinux options from 
var-lib-xenstored.mount):
 Using SELinux mount options per default breaks several systems.
 Either the context= mount option is not known at all to the kernel,
 as reported for ArchLinux. Or the default value none is unknown to
 SELinux, as reported for Fedora. In both cases the unit will fail.
...
 Signed-off-by: Olaf Hering o...@aepfle.de

Acked-by: Ian Jackson ian.jack...@eu.citrix.com

When applied along with the README change provided by Konrad.

Ian.

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

[Xen-devel] [PATCH 1/7] tools/hotplug: remove SELinux options from var-lib-xenstored.mount

2014-12-19 Thread Olaf Hering 
Using SELinux mount options per default breaks several systems.
Either the context= mount option is not known at all to the kernel,
as reported for ArchLinux. Or the default value none is unknown to
SELinux, as reported for Fedora. In both cases the unit will fail.

The proper place to specify mount options is /etc/fstab. Appearently
systemd is kind enough to use values from there even if Options= or
What= is specified in a .mount file.

Remove XENSTORED_MOUNT_CTX, the reference to a non-existant
EnvironmentFile and trim default Options= for the mount point.

The removed code was first mentioned in the patch referenced below,
with the following description:
...
 * Some systems define the selinux context in the systemd Option for
   the /var/lib/xenstored tmpfs:
 Options=mode=755,context=system_u:object_r:xenstored_var_lib_t:s0
   For the upstream version we remove that and let systems specify
   the context on their system /etc/default/xenstored or
   /etc/sysconfig/xenstored $XENSTORED_MOUNT_CTX variable
...
It is nowhere stated (on xen-devel) what Some systems means, which
is unfortunately common practice in nearly all opensource projects.
http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg02462.html

Signed-off-by: Olaf Hering o...@aepfle.de
Cc: Ian Jackson ian.jack...@eu.citrix.com
Cc: Stefano Stabellini stefano.stabell...@eu.citrix.com
Cc: Ian Campbell ian.campb...@citrix.com
Cc: Wei Liu wei.l...@citrix.com
Cc: Anthony PERARD anthony.per...@citrix.com
Cc: M A Young m.a.yo...@durham.ac.uk
Cc: Luis R. Rodriguez mcg...@do-not-panic.com
---
 tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in 
b/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
index d5e04db..11a7d50 100644
--- a/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
+++ b/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in
@@ -6,9 +6,7 @@ ConditionPathExists=/proc/xen/capabilities
 RefuseManualStop=true
 
 [Mount]
-Environment=XENSTORED_MOUNT_CTX=none
-EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xenstored
 What=xenstore
 Where=@XEN_LIB_STORED@
 Type=tmpfs
-Options=mode=755,context=$XENSTORED_MOUNT_CTX
+Options=mode=755

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel