[Pkg-xen-devel] Bug#678719: xen-utils-common: please label all created directories for SE Linux
Russell Coker
russell at coker.com.au
Sun Jun 24 00:33:23 UTC 2012
Package: xen-utils-common
Version: 4.1.3~rc1+hg-20120614.a9c0a89c08f2-2
Severity: important
Please modify the init scripts in a manner similar to the following so that
the directories they create get the correct SE Linux labels. If these
directories are not labelled correctly, Xen may not work correctly when SE Linux is enabled.
--- /etc/init.d/xen.orig 2012-06-24 10:29:04.000000000 +1000
+++ /etc/init.d/xen 2012-06-24 10:29:54.000000000 +1000
@@ -182,6 +182,7 @@
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" --test > /dev/null \
|| return 1
[ -d "$XENSTORED_DIR" ] || mkdir -p "$XENSTORED_DIR"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$XENSTORED_DIR"
export XENSTORED_ROOTDIR="$XENSTORED_DIR"
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" -- \
$XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE" \
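Review bot: The exit status of the added `/sbin/restorecon "$XENSTORED_DIR"` call is discarded, so a failed relabel still lets xenstored start in a directory that may carry the wrong SE Linux type, with nothing logged to explain later denials; the line added in the xendomains hunk has the same gap. A warning on failure would make this diagnosable, e.g. `[ -x /sbin/restorecon ] && { /sbin/restorecon "$XENSTORED_DIR" || log_warning_msg "restorecon failed for $XENSTORED_DIR"; }`. Note also that `mkdir -p` may create missing parent directories while only the leaf is relabelled, which would matter if XENSTORED_DIR is ever set to a deeper path. The enclosing function starts and ends outside this hunk.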
--- /etc/init.d/xendomains.orig 2012-06-24 10:29:08.000000000 +1000
+++ /etc/init.d/xendomains 2012-06-24 10:30:05.000000000 +1000
@@ -152,6 +152,7 @@
{
[ -n "$XENDOMAINS_SAVE" ] || return
[ -d "$XENDOMAINS_SAVE" ] || mkdir -m 0700 -p "$XENDOMAINS_SAVE"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$XENDOMAINS_SAVE"
while read id name rest; do
log_action_begin_msg "Saving Xen domain $name ($id)"
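Review bot: `restorecon` is run here without `-R`, so when `$XENDOMAINS_SAVE` already exists only the directory itself is relabelled and any image left inside from an earlier save keeps whatever label it had. These files are saved guest state, so consider `[ -x /sbin/restorecon ] && /sbin/restorecon -R "$XENDOMAINS_SAVE"`, with a comment such as `# label before saving so new images normally inherit the directory's type`. Likewise `mkdir -m 0700` only applies when the directory is created on this run; a pre-existing directory keeps its old mode, which is presumably worth checking. The function body continues past the end of the hunk.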
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages xen-utils-common depends on:
ii gawk 1:4.0.1+dfsg-2
ii lsb-base 4.1+Debian7
ii python 2.7.3~rc2-1
ii ucf 3.0025+nmu3
ii udev 175-3.1
ii xenstore-utils 4.1.3~rc1+hg-20120614.a9c0a89c08f2-2
xen-utils-common recommends no packages.
xen-utils-common suggests no packages.
-- Configuration Files:
/etc/init.d/xen changed:
. /lib/init/vars.sh
. /lib/lsb/init-functions
# Default xenstored runtime directory. It is assigned before the defaults
# files are read, so either of them may override it.
XENSTORED_DIR="/var/run/xenstored"

# NOTE(review): both files are executed as shell code by this script, so they
# should be writable by root only -- confirm ownership and mode on the host.
if [ -r /etc/default/xen ]; then
  . /etc/default/xen
fi
if [ -r /etc/default/xend ]; then
  . /etc/default/xend
fi

# PATH is pinned after the defaults are read, so a PATH assigned in those
# files does not survive into the unqualified commands used further down.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Xen daemons"

# Both helpers signal "nothing to do on this host" with a non-zero status;
# in that case the script warns and exits successfully.
if ! ROOT=$(/usr/lib/xen-common/bin/xen-dir 2>/dev/null); then
  log_warning_msg "Not running within Xen or no compatible utils"
  exit 0
fi
if ! TOOLSTACK=$(/usr/lib/xen-common/bin/xen-toolstack 2>/dev/null); then
  log_warning_msg "No usable Xen toolstack selected"
  exit 0
fi

# XEND stays unset when the selected Xen tree ships no xend binary; the
# xend_* functions treat an empty XEND as "skip".
if [ -e "$ROOT"/bin/xend ]; then
  XEND="$ROOT"/bin/xend
fi
XENCONSOLED="$ROOT"/bin/xenconsoled
XENCONSOLED_PIDFILE="/var/run/xenconsoled.pid"
XENSTORED="$ROOT"/bin/xenstored
XENSTORED_PIDFILE="/var/run/xenstore.pid"
# Try to load the Xen kernel modules. Errors are silenced and not checked;
# the return status is that of the last modprobe call.
modules_setup() {
  for _xen_module in xenfs xen-evtchn xen-gntdev; do
    modprobe "$_xen_module" 2>/dev/null
  done
}
# Make sure xenfs is mounted on /proc/xen.
# Returns 0 when /proc/xen/capabilities is already present or the mount
# succeeds, 1 when /proc/xen is missing or the mount fails.
xenfs_setup() {
  if [ -e "/proc/xen/capabilities" ]; then
    return 0
  fi
  log_progress_msg "xenfs"
  if [ ! -d "/proc/xen" ]; then
    return 1
  fi
  if ! mount -t xenfs xenfs /proc/xen; then
    return 1
  fi
  return 0
}
# Succeed only when /proc/xen/capabilities exists and contains "control_d".
# NOTE(review): presumably this identifies the control domain (dom0) -- the
# daemons below are only started or stopped when this check passes.
capability_check() {
  if [ -e "/proc/xen/capabilities" ] \
      && grep -q "control_d" /proc/xen/capabilities; then
    return 0
  fi
  return 1
}
# Start xend, but only when a xend binary was found and the selected
# toolstack is "xm"; otherwise do nothing and report success.
# Returns the status of xend_start_real.
xend_start() {
  [ -n "$XEND" ] || return 0
  [ "$(basename "$TOOLSTACK")" = xm ] || return 0
  log_progress_msg "xend"
  xend_start_real
}
# Stop xend, but only when a xend binary was found and the selected
# toolstack is "xm"; otherwise do nothing and report success.
# Returns the status of xend_stop_real.
xend_stop() {
  [ -n "$XEND" ] || return 0
  [ "$(basename "$TOOLSTACK")" = xm ] || return 0
  log_progress_msg "xend"
  xend_stop_real
}
# Restart xend when it is in use (xend binary present, toolstack "xm").
# A stop status of 0 or 1 is accepted; anything else, or any failure to
# start afterwards, yields 2. Returns 0 on success or when xend is unused.
xend_restart() {
  [ -n "$XEND" ] || return 0
  [ "$(basename "$TOOLSTACK")" = xm ] || return 0
  log_progress_msg "xend"
  xend_stop_real
  [ "$?" -le 1 ] || return 2
  xend_start_real || return 2
  return 0
}
# Start xend and wait for it to report a good status.
# Returns 1 if xend already reports running, 2 if the start command fails or
# the status never turns good within ten one-second polls, 0 otherwise.
# $XEND is expanded unquoted, as in the rest of this script.
xend_start_real() {
  if $XEND status; then
    return 1
  fi
  if ! $XEND start; then
    return 2
  fi
  i=0
  until [ $i -ge 10 ]; do
    if $XEND status; then
      return 0
    fi
    i=$(($i + 1))
    sleep 1
  done
  return 2
}
# Stop xend if it reports running.
# Returns 0 when xend was not running or stopped cleanly, 1 when the stop
# command fails.
xend_stop_real() {
  log_progress_msg "xend"
  if ! $XEND status; then
    return 0
  fi
  if ! $XEND stop; then
    return 1
  fi
}
# Announce and start xenconsoled; returns the status of
# xenconsoled_start_real.
xenconsoled_start() {
  log_progress_msg "xenconsoled"
  xenconsoled_start_real
}
# Announce and stop xenconsoled; returns the status of
# xenconsoled_stop_real.
xenconsoled_stop() {
  log_progress_msg "xenconsoled"
  xenconsoled_stop_real
}
# Restart xenconsoled. A stop status of 0 or 1 is accepted; anything else,
# or any failure to start afterwards, yields 2. Returns 0 on success.
xenconsoled_restart() {
  log_progress_msg "xenconsoled"
  xenconsoled_stop_real
  [ "$?" -le 1 ] || return 2
  xenconsoled_start_real || return 2
  return 0
}
# Start xenconsoled through start-stop-daemon.
# Returns 1 when the --test dry run fails, 2 when the real start fails,
# 0 otherwise.
xenconsoled_start_real() {
  if ! start-stop-daemon --start --quiet --pidfile "$XENCONSOLED_PIDFILE" \
      --exec "$XENCONSOLED" --test > /dev/null; then
    return 1
  fi
  # $XENCONSOLED_ARGS is left unquoted so that it splits into separate
  # daemon arguments.
  if ! start-stop-daemon --start --quiet --pidfile "$XENCONSOLED_PIDFILE" \
      --exec "$XENCONSOLED" -- \
      $XENCONSOLED_ARGS --pid-file="$XENCONSOLED_PIDFILE"; then
    return 2
  fi
}
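# Stop xenconsoled and remove its pid file.
# Returns 2 when either start-stop-daemon call reports status 2, otherwise
# the status of the first (pidfile-based) stop attempt.
xenconsoled_stop_real() {
  start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$XENCONSOLED_PIDFILE" --name xenconsoled
  RETVAL="$?"
  [ "$RETVAL" = 2 ] && return 2
  # Second pass matches on the executable; --oknodo makes "nothing to stop"
  # a success.
  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$XENCONSOLED"
  [ "$?" = 2 ] && return 2
  # The original removed an unquoted $PIDFILE, a variable this script never
  # assigns: the real pid file was left behind, and a PIDFILE inherited from
  # the environment would have been word-split, globbed and deleted by a
  # root-run script. Remove the pid file this daemon was started with.
  rm -f -- "$XENCONSOLED_PIDFILE"
  return "$RETVAL"
}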
# Start xenstored and record dom0's name in the store.
# Returns 1 when the --test dry run fails, 2 when the real start fails,
# otherwise the status of the final xenstore-write.
xenstored_start() {
  log_progress_msg "xenstored"
  if ! start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" \
      --exec "$XENSTORED" --test > /dev/null; then
    return 1
  fi
  if [ ! -d "$XENSTORED_DIR" ]; then
    mkdir -p "$XENSTORED_DIR"
  fi
  # Reset the directory's SE Linux label before the daemon starts; skipped
  # where restorecon is not installed.
  # NOTE(review): the status of mkdir and restorecon is not checked, and only
  # the leaf directory is relabelled -- confirm that is sufficient.
  if [ -x /sbin/restorecon ]; then
    /sbin/restorecon "$XENSTORED_DIR"
  fi
  export XENSTORED_ROOTDIR="$XENSTORED_DIR"
  # $XENSTORED_ARGS is left unquoted so that it splits into separate
  # daemon arguments.
  if ! start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" \
      --exec "$XENSTORED" -- \
      $XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE"; then
    return 2
  fi
  xenstore-write "/local/domain/0/name" "Domain-0"
}
# Action dispatcher. Helper statuses 0 and 1 are tolerated for the daemon
# start/stop steps; any other status is treated as a failure.
case "$1" in
  start)
    log_daemon_msg "Starting $DESC"
    modules_setup
    # Without xenfs or the control_d capability nothing below can work, so
    # bail out; a bare exit carries the status of the preceding log_end_msg.
    xenfs_setup || { log_end_msg 1; exit; }
    capability_check || { log_end_msg 255; exit; }
    xenstored_start
    [ "$?" -le 1 ] || { log_end_msg 1; exit; }
    xenconsoled_start
    [ "$?" -le 1 ] || { log_end_msg 1; exit; }
    xend_start
    [ "$?" -le 1 ] || { log_end_msg 1; exit; }
    log_end_msg 0
    ;;
  stop)
    # A bare exit here carries capability_check's own status.
    capability_check || exit
    log_daemon_msg "Stopping $DESC"
    ret=0
    # Only xend and xenconsoled are stopped; this arm never stops xenstored.
    xend_stop
    [ "$?" -le 1 ] || ret=1
    xenconsoled_stop
    [ "$?" -le 1 ] || ret=1
    log_end_msg $ret
    ;;
  restart|force-reload)
    capability_check || exit
    log_daemon_msg "Restarting $DESC"
    ret=0
    xend_restart
    [ "$?" -le 1 ] || ret=1
    xenconsoled_restart
    [ "$?" -le 1 ] || ret=1
    log_end_msg $ret
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|force-reload}" >&2
    exit 3
    ;;
esac
exit 0
/etc/init.d/xendomains changed:
. /lib/init/vars.sh
. /lib/lsb/init-functions
# Exit quietly unless the toolstack answers and the privcmd interface is
# present.
xen list > /dev/null 2>&1 || exit 0
[ -e /proc/xen/privcmd ] || exit 0

# NOTE(review): this file is executed as shell code by this script, so it
# should be writable by root only -- confirm ownership and mode on the host.
if [ -r /etc/default/xendomains ]; then
  . /etc/default/xendomains
fi

# With nullglob an empty directory yields no loop iterations instead of the
# literal pattern.
shopt -s nullglob
# Print the domain name declared by config file $1, taken from the
# "(name ...)" line of a dry-run `xen create`.
check_config_name() {
  xen create --quiet --dryrun --defconfig "$1" \
    | sed -n -e 's/^.*(name \(.*\))$/\1/p'
}
# Succeed when `xen domid` can resolve domain name $1; all output is
# discarded.
check_running() {
  xen domid "$1" > /dev/null 2>&1
}
# Wait for the current coprocess to finish, polling once per second for
# $1 + 1 rounds. Returns 0 as soon as COPROC_PID is empty; otherwise sends
# SIGINT to the coprocess, waits for it and returns 1.
# Sets the globals TIMEOUT and no.
timeout_coproc() {
  TIMEOUT="$1"
  for no in $(seq 0 $TIMEOUT); do
    [ -n "$COPROC_PID" ] || return 0
    sleep 1
    log_action_cont_msg
  done
  # NOTE(review): an empty $1 makes seq print nothing, so the coprocess is
  # interrupted without any wait -- confirm callers always pass a number.
  kill -INT "$COPROC_PID" >/dev/null 2>&1
  wait $COPROC_PID
  return 1
}
# Wait for domain $1 to disappear, polling once per second for $2 + 1
# rounds. Returns 0 once check_running fails for it, 1 if it is still
# running after the last round. Sets the globals name, TIMEOUT and no.
timeout_domain() {
  name="$1"
  TIMEOUT="$2"
  for no in $(seq 0 $TIMEOUT); do
    check_running "$name" || return 0
    sleep 1
    log_action_cont_msg
  done
  return 1
}
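# Restore every saved domain image found in $XENDOMAINS_SAVE.
# Does nothing unless XENDOMAINS_SAVE names an existing directory and
# XENDOMAINS_RESTORE is non-empty. Records the outcome per domain in the
# caller's associative array `domains` ('started' or 'failed'); an image is
# deleted only after it was restored successfully.
# NOTE(review): every regular file in the directory is handed to
# `xen restore`, so the directory must not be writable by anyone but root.
do_start_restore() {
  local file name out
  [ -n "$XENDOMAINS_SAVE" ] || return
  [ -d "$XENDOMAINS_SAVE" ] || return
  [ -n "$XENDOMAINS_RESTORE" ] || return
  # Quoted so that a directory or image name containing whitespace or glob
  # characters is treated as one path; unquoted, `[ -f $file ]` errored out
  # on such names and the image was silently skipped.
  for file in "$XENDOMAINS_SAVE"/*; do
    if [ -f "$file" ]; then
      # The image's file name doubles as the domain name.
      name="${file##*/}"
      log_action_begin_msg "Restoring Xen domain $name (from $file)"
      # Keep stderr for the failure report, drop stdout.
      out=$(xen restore "$file" 2>&1 1>/dev/null)
      case "$?" in
        0)
          rm -- "$file"
          domains[$name]='started'
          log_action_end_msg 0
          ;;
        *)
          domains[$name]='failed'
          log_action_end_msg 1
          echo "$out"
          ;;
      esac
    fi
  done
}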
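# Start every domain whose config file sits in $XENDOMAINS_AUTO.
# Does nothing unless XENDOMAINS_AUTO names an existing directory. Domains
# already restored ('started' in the caller's `domains` array) or already
# running are left alone; a domain whose restore failed is reported as
# failed and not created from its config.
# NOTE(review): every file in the directory is handed to `xen create`, so
# the directory must not be writable by anyone but root.
do_start_auto() {
  local file name out
  [ -n "$XENDOMAINS_AUTO" ] || return
  [ -d "$XENDOMAINS_AUTO" ] || return
  # Quoted so that a path containing whitespace reaches check_config_name
  # and `xen create` as a single argument; unquoted, only its first word was
  # passed to check_config_name.
  for file in "$XENDOMAINS_AUTO"/*; do
    name="$(check_config_name "$file")"
    if [ "${domains[$name]}" = started ]; then
      :
    elif check_running "$name"; then
      log_action_msg "Xen domain $name already running"
    else
      log_action_begin_msg "Starting Xen domain $name (from $file)"
      if [ "${domains[$name]}" = failed ]; then
        log_action_end_msg 1 "restore failed"
      else
        # Keep stderr for the failure report, drop stdout.
        out=$(xen create --quiet --defconfig "$file" 2>&1 1>/dev/null)
        case "$?" in
          0)
            log_action_end_msg 0
            ;;
          *)
            log_action_end_msg 1
            echo "$out"
            ;;
        esac
      fi
    fi
  done
}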
# Restore saved domains, then start the auto-start ones. The associative
# array `domains` is local to this call and shared with both helpers, so
# the auto-start pass can see what the restore pass did.
do_start() {
  local -A domains
  do_start_restore
  do_start_auto
}
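# Migrate every domain listed by xen-init-list, when XENDOMAINS_MIGRATE is
# set. Each migration runs as a coprocess that timeout_coproc interrupts
# after XENDOMAINS_STOP_MAXWAIT.
do_stop_migrate() {
  local id name rest
  [ -n "$XENDOMAINS_MIGRATE" ] || return
  # read -r keeps backslashes in the listed names literal.
  while read -r id name rest; do
    log_action_begin_msg "Migrating Xen domain $name ($id)"
    # "$id" is quoted so it always stays one argument. $XENDOMAINS_MIGRATE
    # is left unquoted, presumably so it can carry the target plus options
    # -- confirm against the defaults file.
    coproc xen migrate "$id" $XENDOMAINS_MIGRATE 2>&1 1>/dev/null
    timeout_coproc "$XENDOMAINS_STOP_MAXWAIT"
    log_action_end_msg $?
  done < <(/usr/lib/xen-common/bin/xen-init-list)
}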
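# Save every domain listed by xen-init-list into $XENDOMAINS_SAVE, when that
# variable is set. Each save runs as a coprocess that timeout_coproc
# interrupts after XENDOMAINS_STOP_MAXWAIT.
do_stop_save() {
  local id name rest
  [ -n "$XENDOMAINS_SAVE" ] || return
  # Mode 0700 is applied only when the directory is created here; an
  # existing directory keeps whatever mode it already had.
  [ -d "$XENDOMAINS_SAVE" ] || mkdir -m 0700 -p "$XENDOMAINS_SAVE"
  # Reset the directory's SE Linux label before any image is written;
  # skipped where restorecon is not installed.
  # NOTE(review): not recursive and its status is ignored, so images left
  # from an earlier run keep their old label -- confirm that is acceptable.
  [ -x /sbin/restorecon ] && /sbin/restorecon "$XENDOMAINS_SAVE"
  # read -r keeps backslashes in the listed names literal.
  while read -r id name rest; do
    log_action_begin_msg "Saving Xen domain $name ($id)"
    # Quoted so the id and the image path each stay a single argument; an
    # unquoted name containing whitespace would have been split into extra
    # arguments to `xen save`.
    # NOTE(review): $name becomes a file name under the save directory;
    # confirm the toolstack rejects domain names containing '/'.
    coproc xen save "$id" "$XENDOMAINS_SAVE/$name" 2>&1 1>/dev/null
    timeout_coproc "$XENDOMAINS_STOP_MAXWAIT"
    log_action_end_msg $?
  done < <(/usr/lib/xen-common/bin/xen-init-list)
}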
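# Ask every domain listed by xen-init-list to shut down and wait up to
# XENDOMAINS_STOP_MAXWAIT for each one to disappear.
do_stop_shutdown() {
  local id name rest
  # read -r keeps backslashes in the listed names literal.
  while read -r id name rest; do
    log_action_begin_msg "Shutting down Xen domain $name ($id)"
    # "$id" is quoted so it always reaches `xen shutdown` as one argument.
    xen shutdown "$id" 2>&1 1>/dev/null
    timeout_domain "$name" "$XENDOMAINS_STOP_MAXWAIT"
    log_action_end_msg $?
  done < <(/usr/lib/xen-common/bin/xen-init-list)
}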
# Run the stop stages in order: migrate, then save, then shut down whatever
# is still listed. Returns the status of the last stage.
do_stop() {
  local stage
  for stage in do_stop_migrate do_stop_save do_stop_shutdown; do
    "$stage"
  done
}
# Action dispatcher: restart, reload and force-reload all stop the domains
# and start them again.
case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart|reload|force-reload)
    do_stop
    do_start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload|force-reload}"
    exit 3
    ;;
esac
exit 0
-- debconf-show failed