Package: xen-utils-common
Version: 4.4.1-9+deb8u1
Severity: normal

With SE Linux it's desirable to give utilities and daemons the minimum privileges. That includes not permitting general utilities to create directories under /var/run.
I think it would be best if /var/run/xen-hotplug was created by an init script such as /etc/init.d/xen (or by systemd-tmpfiles when using systemd units). Below is a patch for /etc/init.d/xen which makes everything work well on SE Linux and which does no harm on non-SE systems. --- /etc/init.d/xen.orig 2015-09-25 15:02:41.542277474 +1000 +++ /etc/init.d/xen 2015-09-25 15:03:38.961681475 +1000 @@ -63,6 +63,8 @@ env_setup() { + mkdir -m 755 /var/run/xen-hotplug + [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/xen-hotplug [ -d /run/xen ] && return 0 mkdir -m 700 /run/xen -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages xen-utils-common depends on: ii lsb-base 4.1+Debian13+nmu1 ii python 2.7.9-1 ii ucf 3.0030 ii udev 215-17+deb8u2 ii xenstore-utils 4.4.1-9+deb8u1 xen-utils-common recommends no packages. xen-utils-common suggests no packages.
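Review bot: The added `mkdir -m 755 /var/run/xen-hotplug` at the top of env_setup() is unconditional and sits before the `[ -d /run/xen ] && return 0` early return, so every call after the first will hit an existing directory and mkdir will print an error. Guarding it the same way as the existing code, for example `[ -d /var/run/xen-hotplug ] || mkdir -m 755 /var/run/xen-hotplug`, keeps repeated calls quiet and leaves the restorecon line to run either way. The new lines also use /var/run while the surrounding context uses /run/xen; using /run/xen-hotplug would match the rest of the function, provided the SE Linux policy labels that path the same way.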