[Xen-changelog] [xen-unstable] tools/xenstore: add XS_RESTRICT operation to C xenstore client libs.
# HG changeset patch # User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> # Date 1278413840 -3600 # Node ID 4af9f9351beb311f48d32dea654a8387230a6ac6 # Parent db6234d3eafbd2d7b1469d8b98a13d6ab0b89973 tools/xenstore: add XS_RESTRICT operation to C xenstore client libs. The OCaml xenstored supports the XS_RESTRICT operation, which deprivileges a dom0 xenstore connection so it can only affect one domain's entries. Add the relevant definitions to the C libraries so that callers can use it. Signed-off-by: Tim Deegan <Tim.Deegan@xxxxxxxxxx> --- tools/ocaml/libs/xb/op.ml | 4 ++-- tools/xenstore/xs.c | 8 ++++++++ tools/xenstore/xs.h | 9 +++++++++ xen/include/public/io/xs_wire.h | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff -r db6234d3eafb -r 4af9f9351beb tools/ocaml/libs/xb/op.ml --- a/tools/ocaml/libs/xb/op.ml Tue Jul 06 11:54:40 2010 +0100 +++ b/tools/ocaml/libs/xb/op.ml Tue Jul 06 11:57:20 2010 +0100 @@ -31,13 +31,13 @@ let operation_c_mapping = Transaction_end; Introduce; Release; Getdomainpath; Write; Mkdir; Rm; Setperms; Watchevent; Error; Isintroduced; - Resume; Set_target |] + Resume; Set_target; Restrict |] let size = Array.length operation_c_mapping (* [offset_pq] has to be the same as in <xen/io/xs_wire.h> *) let offset_pq = size let operation_c_mapping_pq = - [| Restrict |] + [| |] let size_pq = Array.length operation_c_mapping_pq let array_search el a = diff -r db6234d3eafb -r 4af9f9351beb tools/xenstore/xs.c --- a/tools/xenstore/xs.c Tue Jul 06 11:54:40 2010 +0100 +++ b/tools/xenstore/xs.c Tue Jul 06 11:57:20 2010 +0100 
@@ -615,6 +615,14 @@ unwind: return false; } +bool xs_restrict(struct xs_handle *h, unsigned domid) +{ + char buf[16]; + + sprintf(buf, "%d", domid); + return xs_bool(xs_single(h, XBT_NULL, XS_RESTRICT, buf, NULL)); +} + /* Watch a node for changes (poll on fd to detect, or call read_watch()). * When the node (or any child) changes, fd will become readable. * Token is returned when watch is read, to allow matching. diff -r db6234d3eafb -r 4af9f9351beb tools/xenstore/xs.h --- a/tools/xenstore/xs.h Tue Jul 06 11:54:40 2010 +0100 +++ b/tools/xenstore/xs.h Tue Jul 06 11:57:20 2010 +0100 @@ -82,6 +82,15 @@ bool xs_mkdir(struct xs_handle *h, xs_tr */ bool xs_rm(struct xs_handle *h, xs_transaction_t t, const char *path); + +/* Restrict a xenstore handle so that it acts as if it had the + * permissions of domain @domid. The handle must currently be + * using domain 0's credentials. + * + * Returns false on failure, in which case the handle continues + * to use the old credentials, or true on success. + */ +bool xs_restrict(struct xs_handle *h, unsigned domid); /* Get permissions of node (first element is owner, first perms is "other"). * Returns malloced array, or NULL: call free() after use. diff -r db6234d3eafb -r 4af9f9351beb xen/include/public/io/xs_wire.h --- a/xen/include/public/io/xs_wire.h Tue Jul 06 11:54:40 2010 +0100 +++ b/xen/include/public/io/xs_wire.h Tue Jul 06 11:57:20 2010 +0100 @@ -47,7 +47,8 @@ enum xsd_sockmsg_type XS_ERROR, XS_IS_DOMAIN_INTRODUCED, XS_RESUME, - XS_SET_TARGET + XS_SET_TARGET, + XS_RESTRICT }; #define XS_WRITE_NONE "NONE" _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
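Review bot: In tools/ocaml/libs/xb/op.ml, moving Restrict into operation_c_mapping grows size by one, and because offset_pq = size that offset shifts as well, while the comment directly above it says offset_pq has to be the same as in <xen/io/xs_wire.h> and the xs_wire.h hunk only appends XS_RESTRICT to the enum. Please confirm nothing else depends on the old offset, and either update that comment or explain in the commit message why an empty operation_c_mapping_pq is kept.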
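Review bot: In xs_restrict() in tools/xenstore/xs.c, domid is declared unsigned but is formatted with "%d"; use "%u" so that a value above INT_MAX is not sent to xenstored as a negative number. While there, prefer snprintf(buf, sizeof(buf), "%u", domid) over the unbounded sprintf into the 16-byte buffer, so the bound is enforced by the call rather than by the reader's arithmetic.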
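Review bot: The xs_restrict() comment in tools/xenstore/xs.h says a failed call leaves the handle on the old credentials, so a caller that ignores the return value keeps operating with domain 0's access. Please state in the comment that callers must check the result before using the handle on behalf of @domid, and say what a caller should expect from a xenstored that does not implement XS_RESTRICT, since the commit message only mentions support in the OCaml xenstored.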