# HG changeset patch
# User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
# Date 1278413840 -3600
# Node ID 4af9f9351beb311f48d32dea654a8387230a6ac6
# Parent db6234d3eafbd2d7b1469d8b98a13d6ab0b89973
tools/xenstore: add XS_RESTRICT operation to C xenstore client libs.
The OCaml xenstored supports the XS_RESTRICT operation, which
deprivileges a dom0 xenstore connection so it can only affect one
domain's entries. Add the relevant definitions to the C libraries
so that callers can use it.
Signed-off-by: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
---
tools/ocaml/libs/xb/op.ml | 4 ++--
tools/xenstore/xs.c | 8 ++++++++
tools/xenstore/xs.h | 9 +++++++++
xen/include/public/io/xs_wire.h | 3 ++-
4 files changed, 21 insertions(+), 3 deletions(-)
diff -r db6234d3eafb -r 4af9f9351beb tools/ocaml/libs/xb/op.ml
--- a/tools/ocaml/libs/xb/op.ml Tue Jul 06 11:54:40 2010 +0100
+++ b/tools/ocaml/libs/xb/op.ml Tue Jul 06 11:57:20 2010 +0100
@@ -31,13 +31,13 @@ let operation_c_mapping =
Transaction_end; Introduce; Release;
Getdomainpath; Write; Mkdir; Rm;
Setperms; Watchevent; Error; Isintroduced;
- Resume; Set_target |]
+ Resume; Set_target; Restrict |]
let size = Array.length operation_c_mapping
(* [offset_pq] has to be the same as in <xen/io/xs_wire.h> *)
let offset_pq = size
let operation_c_mapping_pq =
- [| Restrict |]
+ [| |]
let size_pq = Array.length operation_c_mapping_pq
let array_search el a =
diff -r db6234d3eafb -r 4af9f9351beb tools/xenstore/xs.c
--- a/tools/xenstore/xs.c Tue Jul 06 11:54:40 2010 +0100
+++ b/tools/xenstore/xs.c Tue Jul 06 11:57:20 2010 +0100
@@ -615,6 +615,14 @@ unwind:
return false;
}
+bool xs_restrict(struct xs_handle *h, unsigned domid)
+{
+ char buf[16];
+
+ sprintf(buf, "%d", domid);
+ return xs_bool(xs_single(h, XBT_NULL, XS_RESTRICT, buf, NULL));
+}
+
/* Watch a node for changes (poll on fd to detect, or call read_watch()).
* When the node (or any child) changes, fd will become readable.
* Token is returned when watch is read, to allow matching.
diff -r db6234d3eafb -r 4af9f9351beb tools/xenstore/xs.h
--- a/tools/xenstore/xs.h Tue Jul 06 11:54:40 2010 +0100
+++ b/tools/xenstore/xs.h Tue Jul 06 11:57:20 2010 +0100
@@ -82,6 +82,15 @@ bool xs_mkdir(struct xs_handle *h, xs_tr
*/
bool xs_rm(struct xs_handle *h, xs_transaction_t t,
const char *path);
+
+/* Restrict a xenstore handle so that it acts as if it had the
+ * permissions of domain @domid. The handle must currently be
+ * using domain 0's credentials.
+ *
+ * Returns false on failure, in which case the handle continues
+ * to use the old credentials, or true on success.
+ */
+bool xs_restrict(struct xs_handle *h, unsigned domid);
/* Get permissions of node (first element is owner, first perms is "other").
* Returns malloced array, or NULL: call free() after use.
diff -r db6234d3eafb -r 4af9f9351beb xen/include/public/io/xs_wire.h
--- a/xen/include/public/io/xs_wire.h Tue Jul 06 11:54:40 2010 +0100
+++ b/xen/include/public/io/xs_wire.h Tue Jul 06 11:57:20 2010 +0100
@@ -47,7 +47,8 @@ enum xsd_sockmsg_type
XS_ERROR,
XS_IS_DOMAIN_INTRODUCED,
XS_RESUME,
- XS_SET_TARGET
+ XS_SET_TARGET,
+ XS_RESTRICT
};
#define XS_WRITE_NONE "NONE"
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home