Russell Coker
2015-Sep-25 05:28 UTC
[Pkg-xen-devel] Bug#799986: xen-utils-common: please create /var/run/xen-hotplug from an init script
Package: xen-utils-common Version: 4.4.1-9+deb8u1 Severity: normal With SE Linux it's desirable to give utilities and daemons the minimum privileges. That includes not permitting general utilities to create directories under /var/run. I think it would be best if /var/run/xen-hotplug was created by an init script such as /etc/init.d/xen (or by systemd-tmpfiles when using systemd units). Below is a patch for /etc/init.d/xen which makes everything work well on SE Linux and which does no harm on non-SE systems. --- /etc/init.d/xen.orig 2015-09-25 15:02:41.542277474 +1000 +++ /etc/init.d/xen 2015-09-25 15:03:38.961681475 +1000 @@ -63,6 +63,8 @@ env_setup() { + mkdir -m 755 /var/run/xen-hotplug + [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/xen-hotplug [ -d /run/xen ] && return 0 mkdir -m 700 /run/xen -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages xen-utils-common depends on: ii lsb-base 4.1+Debian13+nmu1 ii python 2.7.9-1 ii ucf 3.0030 ii udev 215-17+deb8u2 ii xenstore-utils 4.4.1-9+deb8u1 xen-utils-common recommends no packages. xen-utils-common suggests no packages.
Hans van Kranenburg
2019-Jan-22 19:23 UTC
[Pkg-xen-devel] Bug#799986: xen-utils-common: please create /var/run/xen-hotplug from an init script
tags 799986 + moreinfo thanks Hi Russel, I'm hunting down old bug reports in the Xen packages, and also ran into this one. I see why it's useful. I can see that current init scripts (well, for Xen 4.11) do create /run/xen, as wel as /run/xenstored/: https://salsa.debian.org/xen-team/debian-xen/blob/master/debian/xen-utils-common.xen.init#L67 https://salsa.debian.org/xen-team/debian-xen/blob/master/debian/xen-utils-common.xen.init#L243 Do you think this is already enough? If not, I suspect it needs the help of someone who is actually using Xen and SE Linux as combination to properly test other necessary changes. And, now, I will still add my cleanup template: ---- >8 ---- Your bug report was targeted at a Xen package in a Debian distribution older than the current stable (Stretch). Can you please help us by confirming that any of the following scenarios does apply to your situation? * I had this problem a long time ago. It was never solved, but I found a workaround, which is ... * I had this problem a long time ago, and I solved it by not using Xen any more, but by doing ... * I still experience this problem, and I'm still using Xen 3.2/4.1/4.4/etc. I cannot upgrade to Debian Stretch or Buster because ... * I had this problem, and since upgrading to Stretch / Buster / ? it seems it was solved, and I forgot to report it again. Please close it, thanks. * Other: ... Note that even if you found a solution, it's still very useful to report it back to our bug tracker. There might be someone else running into the same problem, who can be helped with your information. Please note that unless there's a response within a month from now, we will close the bug report. If you discover this message later, and this case is important to you, then you can try unarchiving the bug and replying to it, or reach out to the maintainers email list at pkg-xen-devel at lists.alioth.debian.org (no subscription required) and post a message. Thanks, Hans van Kranenburg
Debian Bug Tracking System
2019-Jan-22 19:27 UTC
[Pkg-xen-devel] Processed: Re: xen-utils-common: please create /var/run/xen-hotplug from an init script
Processing commands for control at bugs.debian.org:> tags 799986 + moreinfoBug #799986 [xen-utils-common] xen-utils-common: please create /var/run/xen-hotplug from an init script Added tag(s) moreinfo.> thanksStopping processing here. Please contact me if you need assistance. -- 799986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799986 Debian Bug Tracking System Contact owner at bugs.debian.org with problems
Russell Coker
2019-Jan-22 19:58 UTC
[Pkg-xen-devel] Bug#799986: xen-utils-common: please create /var/run/xen-hotplug from an init script
On Wednesday, 23 January 2019 6:23:05 AM AEDT Hans van Kranenburg wrote:> I'm hunting down old bug reports in the Xen packages, and also ran into > this one. I see why it's useful. > > I can see that current init scripts (well, for Xen 4.11) do create > /run/xen, as wel as /run/xenstored/: > > https://salsa.debian.org/xen-team/debian-xen/blob/master/debian/xen-utils-co > mmon.xen.init#L67 > > https://salsa.debian.org/xen-team/debian-xen/blob/master/debian/xen-utils-co > mmon.xen.init#L243 > > Do you think this is already enough?That is good. Also systemd-tmpfiles entries for those directories would be good, systemd-tmpfiles has internal support for restorecon which makes this easy.> Can you please help us by confirming that any of the following scenarios > does apply to your situation? > > * I had this problem, and since upgrading to Stretch / Buster / ? it > seems it was solved, and I forgot to report it again. Please close it, > thanks.Yes this seems to be solved. I don't use Xen any more due to unrelated reasons, but from examining the code it seems fixed. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
Debian Bug Tracking System
2019-Jan-22 20:27 UTC
[Pkg-xen-devel] Bug#799986: marked as done (xen-utils-common: please create /var/run/xen-hotplug from an init script)
Your message dated Tue, 22 Jan 2019 21:24:03 +0100 with message-id <c828450f-6ec6-c558-b8eb-3c1d6fbe6eca at knorrie.org> and subject line Re: xen-utils-common: please create /var/run/xen-hotplug from an init script has caused the Debian Bug report #799986, regarding xen-utils-common: please create /var/run/xen-hotplug from an init script to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 799986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799986 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Russell Coker <russell at coker.com.au> Subject: xen-utils-common: please create /var/run/xen-hotplug from an init script Date: Fri, 25 Sep 2015 15:28:13 +1000 Size: 3461 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20190122/441627f9/attachment.mht> -------------- next part -------------- An embedded message was scrubbed... From: Hans van Kranenburg <hans at knorrie.org> Subject: Re: xen-utils-common: please create /var/run/xen-hotplug from an init script Date: Tue, 22 Jan 2019 21:24:03 +0100 Size: 9066 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20190122/441627f9/attachment-0001.mht>
Reasonably Related Threads
- Bug#503046: xen-utils-3.2-1: inadequate error handling for the case of a failure to use a loopback device
- Bug#820807: xen-hypervisor-4.4-amd64: Xen detects only one CPU when bootet via EFI and grub2
- Plans for buster
- Bug#618576: xen-3.2-1: VNC display over HVM XEN 3/Lenny AMD64, displays a blank screen when Debian-Installer Squeeze AMD64 is running on it
- Bug#776450: Xen PVH support for grub-xen in Buster