[Xen-devel] [PATCH RFC 06/12] libxl: set correct permissions for the full backend path
The backend path should be fully owned by the domain where it resides.
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
tools/libxl/libxl_device.c | 45 +++++++++++++++++++++++++++++++++++++++--
tools/libxl/libxl_internal.h | 2 +
2 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
index 082bd2a..f39b7b1 100644
--- a/tools/libxl/libxl_device.c
+++ b/tools/libxl/libxl_device.c
@@ -83,6 +83,47 @@ out:
return rc;
}
+int libxl__create_backend_path(libxl__gc *gc, xs_transaction_t t,
+ libxl__device *device)
+{
+ char *dom_backend_path;
+ char *be_path = libxl__device_backend_path(gc, device);
+ char *p;
+ struct xs_permissions backend_dir_perms[2];
+ struct xs_permissions backend_path_perms[1];
+ int rc;
+
+ backend_path_perms[0].id = device->backend_domid;
+ backend_path_perms[0].perms = XS_PERM_NONE;
+
+ backend_dir_perms[0].id = device->backend_domid;
+ backend_dir_perms[0].perms = XS_PERM_NONE;
+ backend_dir_perms[1].id = device->domid;
+ backend_dir_perms[1].perms = XS_PERM_READ;
+
+ rc = libxl__xs_rm_checked(gc, t, be_path);
+ if (rc) goto error;
+ if (!libxl__xs_mkdir(gc, t, be_path, backend_dir_perms,
+ ARRAY_SIZE(backend_dir_perms)))
+ goto error;
+
+ dom_backend_path = GCSPRINTF("%s/backend",
+ libxl__xs_get_dompath(gc, device->backend_domid));
+ while (strcmp(be_path, dom_backend_path) != 0) {
+ p = strrchr(be_path, '/');
+ if (!p) goto error;
+ *p = '\0';
+
+ xs_set_permissions(CTX->xsh, t, be_path, backend_path_perms,
+ ARRAY_SIZE(backend_path_perms));
+ }
+
+ return 0;
+
+error:
+ return ERROR_FAIL;
+}
+
int libxl__device_generic_add(libxl__gc *gc, xs_transaction_t t,
libxl__device *device, char **bents, char **fents, char **ro_fents)
{
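Review bot: The `xs_set_permissions` call inside the `while` loop discards its result, so if re-owning a parent node fails, `libxl__create_backend_path` still returns 0 and the parent keeps its previous permissions. Since the function exists to guarantee that the backend domain owns the whole path, check it: `if (!xs_set_permissions(CTX->xsh, t, be_path, backend_path_perms, ARRAY_SIZE(backend_path_perms))) goto error;`. The loop also relies on `be_path` having `dom_backend_path` as a prefix; that appears to hold given how both are built, but if it ever did not, the walk would re-own nodes above the backend directory before `strrchr` returns NULL, so a prefix check before the loop would be a cheap guard. The result of `libxl__xs_get_dompath` is also passed to `GCSPRINTF` without a NULL check.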
@@ -135,9 +176,7 @@ retry_transaction:
}
if (bents) {
- xs_rm(ctx->xsh, t, backend_path);
- xs_mkdir(ctx->xsh, t, backend_path);
- xs_set_permissions(ctx->xsh, t, backend_path, backend_perms,
ARRAY_SIZE(backend_perms));
+ libxl__create_backend_path(gc, t, device);
xs_write(ctx->xsh, t, libxl__sprintf(gc, "%s/frontend", backend_path),
frontend_path, strlen(frontend_path));
libxl__xs_writev(gc, t, backend_path, bents);
}
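Review bot: The return value of `libxl__create_backend_path` is dropped at the call in the `if (bents)` branch, so when the rm, mkdir or permission step fails, the transaction still writes the frontend link and `bents` under a path whose ownership was never established. Capture it with `rc = libxl__create_backend_path(gc, t, device);` and, on a non-zero result, abort the transaction and return the error instead of continuing. The right cleanup path is not visible here, because `libxl__device_generic_add` begins and ends outside this hunk. If `backend_perms` is no longer referenced elsewhere in the function, it can be removed along with its initialisation.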
diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
index 3b74726..1746b7d 100644
--- a/tools/libxl/libxl_internal.h
+++ b/tools/libxl/libxl_internal.h
@@ -929,6 +929,8 @@ _hidden int libxl__domain_pvcontrol_write(libxl__gc *gc,
xs_transaction_t t,
_hidden char *libxl__device_disk_string_of_backend(libxl_disk_backend backend);
_hidden char *libxl__device_disk_string_of_format(libxl_disk_format format);
_hidden int libxl__device_disk_set_backend(libxl__gc*, libxl_device_disk*);
+_hidden int libxl__create_backend_path(libxl__gc *gc, xs_transaction_t t,
+ libxl__device *device);
_hidden int libxl__device_physdisk_major_minor(const char *physpath, int
*major, int *minor);
_hidden int libxl__device_disk_dev_number(const char *virtpath,
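Review bot: The new `libxl__create_backend_path` prototype has no comment, and its name does not reveal that it is destructive: it removes any existing node at the device's backend path before recreating it, then changes permissions on every ancestor up to the backend domain's `backend` directory. A comment along the lines of `/* Remove and recreate the device's backend path within transaction t; the backend domain owns the path and its parents, the frontend domain gets read access to the device directory only. Returns 0 or ERROR_FAIL. */` would tell callers what to expect.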
--
1.7.7.5 (Apple Git-26)