[Pkg-xen-devel] Bug#764912: xen-utils-common: needs to apply SE Linux labels after creating directories in start script
Russell Coker
russell at coker.com.au
Sun Oct 12 06:55:52 UTC 2014
Package: xen-utils-common
Version: 4.4.1-2
Severity: normal
For correct operation under SE Linux the start script needs to assign correct
security labels to directories it creates. Note that restorecon doesn't cause
any problems if run twice. If it's executable then you can safely run it.
Below is a patch that demonstrates how to solve this problem.
--- xen.old 2014-10-12 17:49:11.348923959 +1100
+++ xen 2014-10-12 17:50:49.257694941 +1100
@@ -66,6 +66,7 @@
[ -d /run/xen ] && return 0
mkdir -m 700 /run/xen
+ [ -x /sbin/restorecon ] && /sbin/restorecon /run/xen
}
xend_start()
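Review bot: The added `[ -x /sbin/restorecon ] && /sbin/restorecon /run/xen` is now the last command of env_setup, so on a host without restorecon the function returns 1 even though the directory was created correctly. The start branch listed further down the page does not check env_setup's status today, but `if [ -x /sbin/restorecon ]; then /sbin/restorecon /run/xen; fi` keeps the return value meaningful for any later caller. The relabel is also skipped whenever /run/xen already exists, because of the early `return 0` above it, while the second hunk relabels on every start; if an existing directory can carry a wrong label, the restorecon line would need to run before that return. The opening lines of env_setup are outside the hunk.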
@@ -189,6 +190,7 @@
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" --test > /dev/null \
|| return 1
[ -d "$XENSTORED_DIR" ] || mkdir -p "$XENSTORED_DIR"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$XENSTORED_DIR"
export XENSTORED_ROOTDIR="$XENSTORED_DIR"
start-stop-daemon --start --quiet --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" -- \
$XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE" \
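Review bot: The result of the added `/sbin/restorecon "$XENSTORED_DIR"` is discarded, so when relabelling fails xenstored is still started against a directory whose label may be wrong, and the failure would presumably only surface later as access denials. Reporting it, for example `/sbin/restorecon "$XENSTORED_DIR" || log_warning_msg "could not relabel $XENSTORED_DIR"`, makes the cause visible at start time. Separately, `mkdir -p` can create missing parent directories if XENSTORED_DIR is overridden to a deeper path, and a non-recursive restorecon only relabels the leaf. xenstored_start begins and ends outside the hunk.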
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xen-utils-common depends on:
ii lsb-base 4.1+Debian8+deb7u1
ii python 2.7.8-1
ii ucf 3.0025+nmu3
ii udev 175-7.2
ii xenstore-utils 4.1.4-3+deb7u3
xen-utils-common recommends no packages.
xen-utils-common suggests no packages.
-- Configuration Files:
/etc/init.d/xen changed:
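# Source the Debian init helpers with the POSIX dot command (a single ".");
# the log_*_msg functions used below are expected to come from these files.
. /lib/init/vars.sh
. /lib/lsb/init-functions

# Default xenstored state directory; the defaults files read next may
# override it.
XENSTORED_DIR="/var/run/xenstored"

# These files are executed as shell code with this script's privileges, so
# they must stay writable by root only.  XENSTORED_ARGS / XENCONSOLED_ARGS
# are presumably set here; nothing else in this script assigns them.
[ -r /etc/default/xen ] && . /etc/default/xen
[ -r /etc/default/xend ] && . /etc/default/xend

# Assigned after the defaults files are read, so a PATH set in them does not
# affect command lookup for the rest of the script.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="Xen daemons"

# Locate the Xen utilities directory.  A failure is not an error for the
# init system: warn and exit 0.
if ! ROOT=$(/usr/lib/xen-common/bin/xen-dir 2>/dev/null); then
    log_warning_msg "Not running within Xen or no compatible utils"
    exit 0
fi

# Same treatment when no toolstack can be selected.
if ! TOOLSTACK=$(/usr/lib/xen-common/bin/xen-toolstack 2>/dev/null); then
    log_warning_msg "No usable Xen toolstack selected"
    exit 0
fi

# XEND stays unset when this Xen build ships no xend; the xend_* functions
# test for that.
if [ -e "$ROOT"/bin/xend ]; then
    XEND="$ROOT"/bin/xend
fi

XENCONSOLED="$ROOT"/bin/xenconsoled
XENCONSOLED_PIDFILE="/var/run/xenconsoled.pid"
XENSTORED="$ROOT"/bin/xenstored
XENSTORED_PIDFILE="/var/run/xenstore.pid"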
# Try to load the Xen kernel modules this script relies on.
# modprobe diagnostics are discarded; the return status is that of the last
# modprobe call.
modules_setup()
{
    {
        modprobe xenfs
        modprobe xen-evtchn
        modprobe xen-gntdev
    } 2>/dev/null
}
# Make sure xenfs is mounted on /proc/xen.
# Returns: 0 if /proc/xen/capabilities is already there or the mount
#          succeeds; 1 if /proc/xen is missing or the mount fails.
xenfs_setup()
{
    if [ -e /proc/xen/capabilities ]; then
        return 0
    fi

    log_progress_msg "xenfs"

    if [ -d /proc/xen ] && mount -t xenfs xenfs /proc/xen; then
        return 0
    fi
    return 1
}
# Check that /proc/xen/capabilities exists and contains "control_d".
# Returns: 0 when both hold, 1 otherwise.
capability_check()
{
    if [ -e /proc/xen/capabilities ] \
        && grep -q "control_d" /proc/xen/capabilities; then
        return 0
    fi
    return 1
}
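# Create the runtime directory /run/xen and apply its SELinux label.
#
# Returns: 0 when the directory already exists, or was created and (where
#          restorecon is installed) relabelled; the failing command's status
#          when mkdir or restorecon fails.
env_setup()
{
    [ -d /run/xen ] && return 0

    # Mode 700 keeps the directory private to its owner.  Stop here on
    # failure rather than trying to relabel a path that was not created.
    mkdir -m 700 /run/xen || return

    # An if-block instead of "[ -x ... ] && cmd": with the short-circuit form
    # as the last command, a host without restorecon made this function
    # return 1 although nothing had gone wrong.
    if [ -x /sbin/restorecon ]; then
        /sbin/restorecon /run/xen || return
    fi
    return 0
}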
# Start xend, but only when a xend binary was found and the selected
# toolstack is "xm"; otherwise do nothing and report success.
# Returns: 0 when skipped, else the status of xend_start_real.
xend_start()
{
    [ -n "$XEND" ] || return 0
    [ "$(basename "$TOOLSTACK")" = xm ] || return 0

    log_progress_msg "xend"
    xend_start_real
}
# Stop xend, but only when a xend binary was found and the selected
# toolstack is "xm"; otherwise do nothing and report success.
# Returns: 0 when skipped, else the status of xend_stop_real.
xend_stop()
{
    [ -n "$XEND" ] || return 0
    [ "$(basename "$TOOLSTACK")" = xm ] || return 0

    log_progress_msg "xend"
    xend_stop_real
}
# Restart xend when a xend binary was found and the toolstack is "xm".
# Returns: 0 when skipped or when the stop (status 0 or 1) and the following
#          start both worked; 2 when the stop reported anything else or the
#          start returned non-zero.
xend_restart()
{
    [ -n "$XEND" ] || return 0
    [ "$(basename "$TOOLSTACK")" = xm ] || return 0

    log_progress_msg "xend"

    # Stop statuses 0 and 1 both allow the start to go ahead.
    if xend_stop_real || [ "$?" -eq 1 ]; then
        xend_start_real || return 2
        return 0
    fi
    return 2
}
# Start xend and wait for it to report itself as running.
# Returns: 1 if "$XEND status" already succeeds, 2 if "$XEND start" fails or
#          status never succeeds within ten one-second polls, 0 once status
#          succeeds.
# Note: $XEND is expanded unquoted, and the counter i is a global variable.
xend_start_real()
{
    if $XEND status; then
        return 1
    fi
    if ! $XEND start; then
        return 2
    fi

    i=0
    until [ "$i" -ge 10 ]; do
        if $XEND status; then
            return 0
        fi
        i=$((i + 1))
        sleep 1
    done
    return 2
}
# Stop xend if it is running.
# Returns: 0 when "$XEND status" fails (nothing to stop) or "$XEND stop"
#          succeeds; 1 when the stop command fails.
xend_stop_real()
{
    log_progress_msg "xend"

    if ! $XEND status; then
        return 0
    fi
    if $XEND stop; then
        return 0
    fi
    return 1
}
# Announce and start xenconsoled.
# Returns: the status of xenconsoled_start_real.
xenconsoled_start()
{
    log_progress_msg "xenconsoled"
    xenconsoled_start_real
}
# Announce and stop xenconsoled.
# Returns: the status of xenconsoled_stop_real.
xenconsoled_stop()
{
    log_progress_msg "xenconsoled"
    xenconsoled_stop_real
}
# Restart xenconsoled.
# Returns: 0 when the stop (status 0 or 1) and the following start both
#          worked; 2 when the stop reported anything else or the start
#          returned non-zero.
xenconsoled_restart()
{
    log_progress_msg "xenconsoled"

    # Stop statuses 0 and 1 both allow the start to go ahead.
    if xenconsoled_stop_real || [ "$?" -eq 1 ]; then
        xenconsoled_start_real || return 2
        return 0
    fi
    return 2
}
# Launch xenconsoled through start-stop-daemon.
# Returns: 1 when the --test probe fails (the daemon is presumably already
#          running), 2 when the real start fails, 0 otherwise.
# Note: $XENCONSOLED_ARGS is expanded unquoted so that it can carry several
#       options.
xenconsoled_start_real()
{
    if ! start-stop-daemon --start --quiet \
        --pidfile "$XENCONSOLED_PIDFILE" --exec "$XENCONSOLED" \
        --test > /dev/null; then
        return 1
    fi

    if ! start-stop-daemon --start --quiet \
        --pidfile "$XENCONSOLED_PIDFILE" --exec "$XENCONSOLED" -- \
        $XENCONSOLED_ARGS --pid-file="$XENCONSOLED_PIDFILE"; then
        return 2
    fi
}
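# Stop xenconsoled and remove its pidfile.
#
# Returns: the status of the first (pidfile-based) stop attempt, or 2 when
#          either start-stop-daemon call reports 2.
# Globals: XENCONSOLED_PIDFILE, XENCONSOLED (read); RETVAL (written)
xenconsoled_stop_real()
{
    # First attempt: the process recorded in the pidfile; TERM, then KILL
    # after 30 seconds.
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$XENCONSOLED_PIDFILE" --name xenconsoled
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2

    # Second pass: anything still running from the same executable.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$XENCONSOLED"
    [ "$?" = 2 ] && return 2

    # Remove the pidfile this daemon actually uses.  The previous
    # 'rm -f $PIDFILE' referred to a variable this script never sets, so the
    # stale pidfile stayed behind, and a PIDFILE value inherited from the
    # environment or a defaults file would have been word-split and deleted
    # instead.
    rm -f -- "$XENCONSOLED_PIDFILE"
    return "$RETVAL"
}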
# Start xenstored and write the Domain-0 entries into the store.
# Returns: 1 when the --test probe fails (the daemon is presumably already
#          running), 2 when the real start fails, otherwise the status of the
#          last xenstore-write.
# Note: $XENSTORED_ARGS is expanded unquoted so that it can carry several
#       options.
xenstored_start()
{
    log_progress_msg "xenstored"

    if ! start-stop-daemon --start --quiet \
        --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" \
        --test > /dev/null; then
        return 1
    fi

    # Create the state directory if needed, then apply its SELinux label
    # where restorecon is installed; neither result is checked.
    if [ ! -d "$XENSTORED_DIR" ]; then
        mkdir -p "$XENSTORED_DIR"
    fi
    if [ -x /sbin/restorecon ]; then
        /sbin/restorecon "$XENSTORED_DIR"
    fi

    # Exported so the daemon started below sees it.
    XENSTORED_ROOTDIR="$XENSTORED_DIR"
    export XENSTORED_ROOTDIR

    if ! start-stop-daemon --start --quiet \
        --pidfile "$XENSTORED_PIDFILE" --exec "$XENSTORED" -- \
        $XENSTORED_ARGS --pid-file="$XENSTORED_PIDFILE"; then
        return 2
    fi

    xenstore-write "/local/domain/0/name" "Domain-0"
    xenstore-write "/local/domain/0/domid" "0"
}
# Dispatch on the init action given as the first argument.
# A bare "exit" below leaves with the status of the command run just before
# it (log_end_msg in the start branch, the failed check in the others).
case "$1" in
start)
log_daemon_msg "Starting $DESC"
# The status of modules_setup is not inspected.
modules_setup
xenfs_setup
case "$?" in
0) ;;
*) log_end_msg 1; exit ;;
esac
# Without "control_d" in /proc/xen/capabilities nothing further is started.
capability_check
case "$?" in
0) ;;
*) log_end_msg 255; exit ;;
esac
# The status of env_setup is not inspected either.
env_setup
# For each daemon, statuses 0 and 1 are accepted; anything else aborts the
# start sequence.
xenstored_start
case "$?" in
0|1) ;;
*) log_end_msg 1; exit ;;
esac
xenconsoled_start
case "$?" in
0|1) ;;
*) log_end_msg 1; exit ;;
esac
xend_start
case "$?" in
0|1) ;;
*) log_end_msg 1; exit ;;
esac
log_end_msg 0
;;
stop)
capability_check
case "$?" in
0) ;;
*) exit ;;
esac
log_daemon_msg "Stopping $DESC"
# Only xend and xenconsoled are stopped; this branch has no xenstored step.
# A failure is remembered in ret and the remaining daemon is still handled.
ret=0
xend_stop
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
xenconsoled_stop
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
log_end_msg $ret
;;
restart|force-reload)
capability_check
case "$?" in
0) ;;
*) exit ;;
esac
log_daemon_msg "Restarting $DESC"
# As in the stop branch, xenstored is left alone and failures are collected
# in ret.
ret=0
xend_restart
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
xenconsoled_restart
case "$?" in
0|1) ;;
*) ret=1 ;;
esac
log_end_msg $ret
;;
*)
# Unknown action: print usage on stderr and exit with status 3.
echo "Usage: $0 {start|stop|restart|force-reload}" >&2
exit 3
;;
esac
# Reached after the stop and restart branches, and after a successful start,
# so a non-zero ret is reported by log_end_msg but not as the exit status.
exit 0
-- no debconf information