 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] tools/xenstore: add XS_RESTRICT operation

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] tools/xenstore: add XS_RESTRICT operation to C xenstore client libs.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 08 Jul 2010 02:10:39 -0700
Delivery-date: Thu, 08 Jul 2010 02:13:37 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
# Date 1278413840 -3600
# Node ID 4af9f9351beb311f48d32dea654a8387230a6ac6
# Parent  db6234d3eafbd2d7b1469d8b98a13d6ab0b89973
tools/xenstore: add XS_RESTRICT operation to C xenstore client libs.

The OCaml xenstored supports the XS_RESTRICT operation, which
deprivileges a dom0 xenstore connection so it can only affect one
domain's entries.   Add the relevant definitions to the C libraries
so that callers can use it.

Signed-off-by: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
---
 tools/ocaml/libs/xb/op.ml       |    4 ++--
 tools/xenstore/xs.c             |    8 ++++++++
 tools/xenstore/xs.h             |    9 +++++++++
 xen/include/public/io/xs_wire.h |    3 ++-
 4 files changed, 21 insertions(+), 3 deletions(-)

diff -r db6234d3eafb -r 4af9f9351beb tools/ocaml/libs/xb/op.ml
--- a/tools/ocaml/libs/xb/op.ml Tue Jul 06 11:54:40 2010 +0100
+++ b/tools/ocaml/libs/xb/op.ml Tue Jul 06 11:57:20 2010 +0100
@@ -31,13 +31,13 @@ let operation_c_mapping =
            Transaction_end; Introduce; Release;
            Getdomainpath; Write; Mkdir; Rm;
            Setperms; Watchevent; Error; Isintroduced;
-           Resume; Set_target |]
+           Resume; Set_target; Restrict |]
 let size = Array.length operation_c_mapping
 
 (* [offset_pq] has to be the same as in <xen/io/xs_wire.h> *)
 let offset_pq = size
 let operation_c_mapping_pq =
-       [| Restrict |]
+       [| |]
 let size_pq = Array.length operation_c_mapping_pq
 
 let array_search el a =
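Review bot: Nothing in this file says that the order of `operation_c_mapping` must mirror `enum xsd_sockmsg_type`, yet `Restrict` now depends on its array position lining up with the `XS_RESTRICT` entry appended in the xs_wire.h hunk of this commit. The only comment, on `offset_pq`, now describes an offset that points past an empty `operation_c_mapping_pq`. I would add `(* Order must match enum xsd_sockmsg_type in <xen/io/xs_wire.h>; append new operations at the end of both. *)` above the array, and either drop the `_pq` machinery or say in a comment why it stays. The array definition starts above the hunk and how the index becomes a wire number is not visible here, so the coupling is inferred from the existing comment.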
diff -r db6234d3eafb -r 4af9f9351beb tools/xenstore/xs.c
--- a/tools/xenstore/xs.c       Tue Jul 06 11:54:40 2010 +0100
+++ b/tools/xenstore/xs.c       Tue Jul 06 11:57:20 2010 +0100
@@ -615,6 +615,14 @@ unwind:
        return false;
 }
 
+bool xs_restrict(struct xs_handle *h, unsigned domid)
+{
+       char buf[16];
+
+       sprintf(buf, "%d", domid);
+       return xs_bool(xs_single(h, XBT_NULL, XS_RESTRICT, buf, NULL));
+}
+
 /* Watch a node for changes (poll on fd to detect, or call read_watch()).
  * When the node (or any child) changes, fd will become readable.
  * Token is returned when watch is read, to allow matching.
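Review bot: In `xs_restrict`, `sprintf(buf, "%d", domid)` formats an `unsigned` with a signed conversion, so a domid above INT_MAX would be sent to xenstored as a negative number. I would write `snprintf(buf, sizeof(buf), "%u", domid);`, which also ties the write to the size of `buf`. This string names the domain whose permissions the handle is reduced to, so it should be unambiguous for every value the parameter type allows.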
diff -r db6234d3eafb -r 4af9f9351beb tools/xenstore/xs.h
--- a/tools/xenstore/xs.h       Tue Jul 06 11:54:40 2010 +0100
+++ b/tools/xenstore/xs.h       Tue Jul 06 11:57:20 2010 +0100
@@ -82,6 +82,15 @@ bool xs_mkdir(struct xs_handle *h, xs_tr
  */
 bool xs_rm(struct xs_handle *h, xs_transaction_t t,
           const char *path);
+
+/* Restrict a xenstore handle so that it acts as if it had the
+ * permissions of domain @domid.  The handle must currently be
+ * using domain 0's credentials.
+ *
+ * Returns false on failure, in which case the handle continues
+ * to use the old credentials, or true on success.
+ */
+bool xs_restrict(struct xs_handle *h, unsigned domid);
 
 /* Get permissions of node (first element is owner, first perms is "other").
  * Returns malloced array, or NULL: call free() after use.
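Review bot: The new comment on `xs_restrict` says a false return leaves the old credentials in place, but not what a caller relying on the call for privilege separation must do about it. The commit description names only the OCaml xenstored as supporting the operation, so a failure against another daemon is a plausible case, and a caller that ignores it continues with a dom0-privileged handle. I would add to the comment: `* Callers that depend on the restriction must treat a false return as fatal: the handle is still privileged.` It would also help to state whether a restricted handle can ever regain its previous credentials, which the visible text does not say.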
diff -r db6234d3eafb -r 4af9f9351beb xen/include/public/io/xs_wire.h
--- a/xen/include/public/io/xs_wire.h   Tue Jul 06 11:54:40 2010 +0100
+++ b/xen/include/public/io/xs_wire.h   Tue Jul 06 11:57:20 2010 +0100
@@ -47,7 +47,8 @@ enum xsd_sockmsg_type
     XS_ERROR,
     XS_IS_DOMAIN_INTRODUCED,
     XS_RESUME,
-    XS_SET_TARGET
+    XS_SET_TARGET,
+    XS_RESTRICT
 };
 
 #define XS_WRITE_NONE "NONE"

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
