If I specify:

    disk = [ 'phy:hda4,hda1,w' ]

Must the filesystem on the exported partition be one that can be understood by the dom0 OS.

--
John R. Shannon, CISSP
Chief Scientist
DSCI, Information Assurance Division
jshannon@dsci-usa.com
john.r.shannon@us.army.mil
shannonjr@NetBSD.org
(208)522-4506
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

No. But if you want to make changes to the file system from dom0 before booting it, you're in "trouble".

+Katriel

John R. Shannon wrote:
> If I specify:
>
> disk = [ 'phy:hda4,hda1,w' ]
>
> Must the filesystem on the exported partition be one that can be
> understood by the dom0 OS.

--
Katriel Traum, PenguinIT
RHCE, CLP
Mobile: 054-6789953

I installed xen, the installation went perfectly fine. I booted into dom0 zero using the grub entry:

    title Fedora Core (2.6.17-1.2174_FC5xen0)
    root (hd0,0)
    kernel /xen.gz-2.6.17-1.2174_FC5
    module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
    module /initrd-2.6.17-1.2174_FC5xen0.img

and everything went fine until the very end where I got about 400 lines of error messages that all looked similar to this:

Aug 15 16:41:18 localhost kernel: audit(1155685274.262:362): avc: denied { create } for pid=2925 comm="python" name="xend" scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:361): avc: denied { read write } for pid=2916 comm="ifconfig" name="[8470]" dev=sockfs ino=8470 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=unix_stream_socket
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:360): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:359): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:358): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:357): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:356): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:355): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.234:354): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.234:353): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0

Thanks a lot for your help!

On Tue, Aug 15, 2006 at 05:14:19PM -0700, Corey B wrote:
> I installed xen, the installation went perfectly fine. I booted into dom0
> zero using the grub entry:
> title Fedora Core (2.6.17-1.2174_FC5xen0)
> root (hd0,0)
> kernel /xen.gz-2.6.17-1.2174_FC5
> module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
> module /initrd-2.6.17-1.2174_FC5xen0.img

I'm just guessing but this looks like selinux to me. Try adding "selinux=0" to the kernel command line, i.e.:

    title Fedora Core (2.6.17-1.2174_FC5xen0)
    root (hd0,0)
    kernel /xen.gz-2.6.17-1.2174_FC5
    module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
    module /initrd-2.6.17-1.2174_FC5xen0.img selinux=0

If this boots without the errors then you'll need to ask on selinux lists (or maybe here as well) to work out how to add the appropriate changes to your selinux policy.

Yours Tony

linux.conf.au  http://linux.conf.au/ || http://lca2007.linux.org.au/
Jan 15-20 2007 The Australian Linux Technical Conference!

That didn't work, but thanks for your fast response.

On 8/15/06, Tony Breeds <tony@bakeyournoodle.com> wrote:
> On Tue, Aug 15, 2006 at 05:14:19PM -0700, Corey B wrote:
> > I installed xen, the installation went perfectly fine. I booted into dom0
> > zero using the grub entry:
> > title Fedora Core (2.6.17-1.2174_FC5xen0)
> > root (hd0,0)
> > kernel /xen.gz-2.6.17-1.2174_FC5
> > module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
> > module /initrd-2.6.17-1.2174_FC5xen0.img
>
> I'm just guessing but this looks like selinux to me. Try adding
> "selinux=0" to the kernel command line, i.e.:
>
> title Fedora Core (2.6.17-1.2174_FC5xen0)
> root (hd0,0)
> kernel /xen.gz-2.6.17-1.2174_FC5
> module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
> module /initrd-2.6.17-1.2174_FC5xen0.img selinux=0
>
> If this boots without the errors then you'll need to ask on selinux
> lists (or maybe here as well) to work out how to add the appropriate
> changes to your selinux policy.
>
> Yours Tony
>
> linux.conf.au  http://linux.conf.au/ || http://lca2007.linux.org.au/
> Jan 15-20 2007 The Australian Linux Technical Conference!

Tony Breeds wrote:
> On Tue, Aug 15, 2006 at 05:14:19PM -0700, Corey B wrote:
> I'm just guessing but this looks like selinux to me. Try adding
> "selinux=0" to the kernel command line, i.e.:
>
> title Fedora Core (2.6.17-1.2174_FC5xen0)
> root (hd0,0)
> kernel /xen.gz-2.6.17-1.2174_FC5
> module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
> module /initrd-2.6.17-1.2174_FC5xen0.img selinux=0
>
> If this boots without the errors then you'll need to ask on selinux
> lists (or maybe here as well) to work out how to add the appropriate
> changes to your selinux policy.

Right idea, wrong line of the config.

    title Fedora Core (2.6.17-1.2174_FC5xen0)
    root (hd0,0)
    kernel /xen.gz-2.6.17-1.2174_FC5
    module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 selinux=0
    module /initrd-2.6.17-1.2174_FC5xen0.img

My usual method of turning it off is to disable selinux in /etc/sysconfig/selinux

-Mike

Still no good.....

On 8/15/06, Michael Best <mbest@pendragon.org> wrote:
> Tony Breeds wrote:
> > On Tue, Aug 15, 2006 at 05:14:19PM -0700, Corey B wrote:
> > I'm just guessing but this looks like selinux to me. Try adding
> > "selinux=0" to the kernel command line, i.e.:
> >
> > title Fedora Core (2.6.17-1.2174_FC5xen0)
> > root (hd0,0)
> > kernel /xen.gz-2.6.17-1.2174_FC5
> > module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
> > module /initrd-2.6.17-1.2174_FC5xen0.img selinux=0
> >
> > If this boots without the errors then you'll need to ask on selinux
> > lists (or maybe here as well) to work out how to add the appropriate
> > changes to your selinux policy.
>
> Right idea, wrong line of the config.
>
> title Fedora Core (2.6.17-1.2174_FC5xen0)
> root (hd0,0)
> kernel /xen.gz-2.6.17-1.2174_FC5
> module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 selinux=0
> module /initrd-2.6.17-1.2174_FC5xen0.img
>
> My usual method of turning it off is to disable selinux in
> /etc/sysconfig/selinux
>
> -Mike

On Wed, 16 Aug 2006, Tony Breeds wrote:
> On Tue, Aug 15, 2006 at 05:14:19PM -0700, Corey B wrote:
> > I installed xen, the installation went perfectly fine. I booted into dom0
> > zero using the grub entry:
> > title Fedora Core (2.6.17-1.2174_FC5xen0)
> > root (hd0,0)
> > kernel /xen.gz-2.6.17-1.2174_FC5
> > module /vmlinuz-2.6.17-1.2174_FC5xen0 ro root=/dev/VolGroup00/LogVol00 3
> > module /initrd-2.6.17-1.2174_FC5xen0.img
>
> I'm just guessing but this looks like selinux to me. Try adding
> "selinux=0" to the kernel command line, i.e.:

Please don't tell people to add selinux=0 to "fix" problems with SELinux policy. It just papers over the real issue and the developers don't find out what needs fixing.

Most likely, someone hitting a problem like this is using Fedora. There are several ways to get the problem fixed very quickly (often overnight):

File a bug:
  https://bugzilla.redhat.com/bugzilla/index.cgi

Send an email to a related mailing list:
  https://www.redhat.com/mailman/listinfo/fedora-xen
  http://www.redhat.com/mailman/listinfo/fedora-list
  http://www.nsa.gov/selinux/info/list.cfm

If you don't get a quick resolution to a problem, email me personally.

Thanks,

- James
--
James Morris
<jmorris@redhat.com>

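An added example, not part of any message in this thread: one way to reduce a few hundred near-identical AVC denials to the distinct rules a policy maintainer needs to see in a bug report. The function names `summarize` and `context_type` are hypothetical, and the sample input is a selection of lines from Corey B's post, including the final entry that is cut off after `scontext`.

```python
import re
from collections import Counter

# Selection of lines from the post above: three distinct denials, one repeat,
# and the final entry, which is cut off after scontext in the original.
SAMPLE_LOG = """\
Aug 15 16:41:18 localhost kernel: audit(1155685274.262:362): avc: denied { create } for pid=2925 comm="python" name="xend" scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:361): avc: denied { read write } for pid=2916 comm="ifconfig" name="[8470]" dev=sockfs ino=8470 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=unix_stream_socket
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:360): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.238:359): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
Aug 15 16:41:18 localhost kernel: audit(1155685274.234:353): avc: denied { read write } for pid=2916 comm="ifconfig" name="privcmd" dev=proc ino=-268433972 scontext=system_u:system_r:ifconfig_t:s0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(log_text):
    """Count AVC denials per (comm, source type, target type, class, perms)."""
    unique, incomplete = Counter(), 0
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue
        perms = tuple(sorted(match.group(1).split()))
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            incomplete += 1  # truncated record: report it, do not guess the rest
            continue
        unique[(fields.get("comm", "?"), context_type(fields["scontext"]),
                context_type(fields["tcontext"]), fields["tclass"], perms)] += 1
    return unique, incomplete


if __name__ == "__main__":
    denials, cut_off = summarize(SAMPLE_LOG)
    for (comm, src, tgt, cls, perms), n in denials.most_common():
        print(f"{n:3d}x {comm}: {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    print(f"{cut_off} truncated record(s) skipped")
```

The output lists each distinct source type, target type, object class and permission set once with its count, which is the part of the log that identifies the missing policy rules.
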
On Wed, Aug 16, 2006 at 11:36:59AM -0400, James Morris wrote:
> Please don't tell people to add selinux=0 to "fix" problems with SELinux
> policy. It just papers over the real issue and the developers don't find
> out what needs fixing.

Hi James,
I understand your position. If you read the rest of my original I did suggest that if this helped Corey B should seek help on fixing his selinux policy from more knowledgeable folks.

You're right I could have used stronger language in this suggestion, as even you missed it.

Yours Tony

linux.conf.au  http://linux.conf.au/ || http://lca2007.linux.org.au/
Jan 15-20 2007 The Australian Linux Technical Conference!

On Thu, 17 Aug 2006, Tony Breeds wrote:
> On Wed, Aug 16, 2006 at 11:36:59AM -0400, James Morris wrote:
>
> > Please don't tell people to add selinux=0 to "fix" problems with SELinux
> > policy. It just papers over the real issue and the developers don't find
> > out what needs fixing.
>
> Hi James,
> I understand your position. If you read the rest of my original
> I did suggest that if this helped Corey B should seek help on fixing his
> selinux policy from more knowledgeable folks.

Yes, you're right, sorry.

- James
--
James Morris
<jmorris@redhat.com>

The person at bugzilla recommended that I upgrade to the most recent selinux policy. How and where do I do that?

Thanks

On 8/16/06, James Morris <jmorris@redhat.com> wrote:
> On Thu, 17 Aug 2006, Tony Breeds wrote:
>
> > On Wed, Aug 16, 2006 at 11:36:59AM -0400, James Morris wrote:
> >
> > > Please don't tell people to add selinux=0 to "fix" problems with SELinux
> > > policy. It just papers over the real issue and the developers don't find
> > > out what needs fixing.
> >
> > Hi James,
> > I understand your position. If you read the rest of my original
> > I did suggest that if this helped Corey B should seek help on fixing his
> > selinux policy from more knowledgeable folks.
>
> Yes, you're right, sorry.
>
> - James
> --
> James Morris
> <jmorris@redhat.com>

On Wed, 16 Aug 2006, Corey B wrote:
> The person at bugzilla recommended that i upgrade to the most recent selinux
> policy. How and where do i do that?

This should work:

    $ yum update selinux-policy-targeted

- James
--
James Morris
<jmorris@redhat.com>