* [OSSTEST PATCH v2 1/3] ts-depriv-audit-qemu: Create complete /run/user in appropriate root
@ 2018-11-20 11:51 Ian Jackson
2018-11-20 11:51 ` [OSSTEST PATCH v2 2/3] ts-depriv-audit-qemu: chmod +x qemu's chroot Ian Jackson
2018-11-20 11:51 ` [OSSTEST PATCH v2 3/3] production-config*: Update to fishdescriptor with chroot bugfix Ian Jackson
0 siblings, 2 replies; 3+ messages in thread
From: Ian Jackson @ 2018-11-20 11:51 UTC (permalink / raw)
To: xen-devel; +Cc: Ian Jackson, George Dunlap
* Use mkdir -p, rather than trying to only create /run/user/$uid.
That helps if /run and/or /run/user do not exist, as they do in
libxl-made chroots with recent libxl (which gets qemu to chroot).
* Do all of this in the root directory of the qemu process, not our
own root directory. So it works if qemu is chrooted.
CC: George Dunlap <george.dunlap@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
v2: Actually use $qpid rather than hardcoding 8123 !
squash! ts-depriv-audit-qemu: Create complete /run/user in appropriate root
---
ts-depriv-audit-qemu | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ts-depriv-audit-qemu b/ts-depriv-audit-qemu
index 5d093500..d5bf10c9 100755
--- a/ts-depriv-audit-qemu
+++ b/ts-depriv-audit-qemu
@@ -48,9 +48,10 @@ END
qpid=$(xenstore-read /local/domain/$domid/image/device-model-pid)
uid=$(id -u xen-qemuuser-range-base)
uid=$(( $uid + $domid ))
- test -d /run/user || mkdir -m 2755 /run/user
- if mkdir -m 2700 /run/user/$uid; then
- chown $uid:root /run/user/$uid
+ qroot=$(readlink /proc/$qpid/root)
+ mkdir -pm 2755 $qroot/run/user
+ if mkdir -m 2700 $qroot/run/user/$uid; then
+ chown $uid:root $qroot/run/user/$uid
fi
osstest-depriv-fd-collector $qpid \
/usr/local/lib/xen/bin/depriv-fd-checker
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [OSSTEST PATCH v2 2/3] ts-depriv-audit-qemu: chmod +x qemu's chroot
2018-11-20 11:51 [OSSTEST PATCH v2 1/3] ts-depriv-audit-qemu: Create complete /run/user in appropriate root Ian Jackson
@ 2018-11-20 11:51 ` Ian Jackson
2018-11-20 11:51 ` [OSSTEST PATCH v2 3/3] production-config*: Update to fishdescriptor with chroot bugfix Ian Jackson
1 sibling, 0 replies; 3+ messages in thread
From: Ian Jackson @ 2018-11-20 11:51 UTC (permalink / raw)
To: xen-devel; +Cc: Ian Jackson, George Dunlap
libxl creates this directory with mode 0. That prevents
fishdescriptor from working. chmod it. This is OK for testing.
CC: George Dunlap <george.dunlap@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
ts-depriv-audit-qemu | 1 +
1 file changed, 1 insertion(+)
diff --git a/ts-depriv-audit-qemu b/ts-depriv-audit-qemu
index d5bf10c9..599bdf6d 100755
--- a/ts-depriv-audit-qemu
+++ b/ts-depriv-audit-qemu
@@ -49,6 +49,7 @@ END
uid=$(id -u xen-qemuuser-range-base)
uid=$(( $uid + $domid ))
qroot=$(readlink /proc/$qpid/root)
+ chmod a+x $qroot
mkdir -pm 2755 $qroot/run/user
if mkdir -m 2700 $qroot/run/user/$uid; then
chown $uid:root $qroot/run/user/$uid
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [OSSTEST PATCH v2 3/3] production-config*: Update to fishdescriptor with chroot bugfix
2018-11-20 11:51 [OSSTEST PATCH v2 1/3] ts-depriv-audit-qemu: Create complete /run/user in appropriate root Ian Jackson
2018-11-20 11:51 ` [OSSTEST PATCH v2 2/3] ts-depriv-audit-qemu: chmod +x qemu's chroot Ian Jackson
@ 2018-11-20 11:51 ` Ian Jackson
1 sibling, 0 replies; 3+ messages in thread
From: Ian Jackson @ 2018-11-20 11:51 UTC (permalink / raw)
To: xen-devel; +Cc: Ian Jackson, George Dunlap
Deployment note: I have copied this binary to the images directory in
Cambridge and Massachusetts. The corresponding patch to chiark-utils
is on its way to my upstream hat.
CC: George Dunlap <george.dunlap@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
production-config | 2 +-
production-config-cambridge | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/production-config b/production-config
index df02cd37..6b743d4f 100644
--- a/production-config
+++ b/production-config
@@ -103,7 +103,7 @@ MicrocodeUpdateI386 microcode.x86.2015-06-12.cpio
# Update with ./mg-netgrub-loader-update
TftpGrubVersion XXXX-XX-XX
-DebianExtraPackages_jessie chiark-scripts_6.0.2_all.deb
+DebianExtraPackages_jessie chiark-scripts_6.0.3~citrix1_all.deb
DebianExtraPackages_uefi_i386_jessie extradebs-uefi-i386-2018-04-01/
DebianExtraPackages_uefi_amd64_jessie extradebs-uefi-amd64-2018-04-01/
diff --git a/production-config-cambridge b/production-config-cambridge
index 5c9a4a28..8e2eadd2 100644
--- a/production-config-cambridge
+++ b/production-config-cambridge
@@ -82,7 +82,7 @@ TftpDiVersion_jessie 2018-06-26
DebianImageVersion_wheezy 7.2.0
DebianImageVersion_jessie 8.2.0
-DebianExtraPackages_jessie chiark-scripts_6.0.2_all.deb
+DebianExtraPackages_jessie chiark-scripts_6.0.3~citrix1_all.deb
# These should normally be the same.
MicrocodeUpdateAmd64 microcode.x86.2015-06-12.cpio
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-11-20 11:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-20 11:51 [OSSTEST PATCH v2 1/3] ts-depriv-audit-qemu: Create complete /run/user in appropriate root Ian Jackson
2018-11-20 11:51 ` [OSSTEST PATCH v2 2/3] ts-depriv-audit-qemu: chmod +x qemu's chroot Ian Jackson
2018-11-20 11:51 ` [OSSTEST PATCH v2 3/3] production-config*: Update to fishdescriptor with chroot bugfix Ian Jackson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.