[Xen-changelog] [xen-unstable] xenstored: use domain_is_unprivileged instead of checking conn->id
# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1328812415 0
# Node ID 98f45814fbacaa844a204693529d806d4f9c7c05
# Parent 095c3cbf7f6e894531c183600fee9ea06217d947
xenstored: use domain_is_unprivileged instead of checking conn->id
This centralizes all the permission checking for privileged domains in preparation for allowing domains other than dom0 to be privileged.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Committed-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
diff -r 095c3cbf7f6e -r 98f45814fbac tools/xenstore/xenstored_core.c
--- a/tools/xenstore/xenstored_core.c Thu Feb 09 18:33:35 2012 +0000
+++ b/tools/xenstore/xenstored_core.c Thu Feb 09 18:33:35 2012 +0000
@@ -462,7 +462,7 @@
 mask &= ~XS_PERM_WRITE;
 /* Owners and tools get it all... */
- if (!conn->id || perms[0].id == conn->id
+ if (!domain_is_unprivileged(conn) || perms[0].id == conn->id
 || (conn->target && perms[0].id == conn->target->id))
 return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
@@ -800,11 +800,11 @@
 node->tdb = tdb_context(conn);
 node->name = talloc_strdup(node, name);
- /* Inherit permissions, except domains own what they create */
+ /* Inherit permissions, except unprivileged domains own what they create */
 node->num_perms = parent->num_perms;
 node->perms = talloc_memdup(node, parent->perms, node->num_perms * sizeof(node->perms[0]));
- if (conn && conn->id)
+ if (domain_is_unprivileged(conn))
 node->perms[0].id = conn->id;
 /* No children, no data */
diff -r 095c3cbf7f6e -r 98f45814fbac tools/xenstore/xenstored_domain.c
--- a/tools/xenstore/xenstored_domain.c Thu Feb 09 18:33:35 2012 +0000
+++ b/tools/xenstore/xenstored_domain.c Thu Feb 09 18:33:35 2012 +0000
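Review bot: The full-access shortcut in the -462 hunk now depends entirely on `domain_is_unprivileged()`, whose definition is not part of this diff, so the hunk cannot show that `!domain_is_unprivileged(conn)` matches the old `!conn->id` for every kind of connection (for example one with no domain attached). Since this branch grants READ|WRITE|OWNER on any node, the helper's definition should carry a comment stating what it returns for a NULL connection and for a connection without a domain. The comment above the test still says "tools"; something like `/* Owners and privileged connections get it all... */` would match the new condition. The enclosing function starts and ends outside the hunk.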
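Review bot: The explicit NULL test on `conn` disappears from the ownership assignment in the -800 hunk: `if (conn && conn->id)` becomes `if (domain_is_unprivileged(conn))`, so the `conn->id` read on the next line is only safe if the helper returns false for a NULL connection. That is presumably the case, but it is not visible here; a short comment such as `/* domain_is_unprivileged() is false for a NULL conn */` would keep the dereference obviously guarded. The write to `node->perms[0]` also relies on the preceding `talloc_memdup()` having succeeded and on `parent->num_perms` being at least one, neither of which is checked in the visible lines (this predates the change). The enclosing function starts and ends outside the hunk.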
@@ -354,7 +354,7 @@
 return;
 }
- if (conn->id != 0 || !conn->can_write) {
+ if (domain_is_unprivileged(conn) || !conn->can_write) {
 send_error(conn, EACCES);
 return;
 }
@@ -418,7 +418,7 @@
 return;
 }
- if (conn->id != 0 || !conn->can_write) {
+ if (domain_is_unprivileged(conn) || !conn->can_write) {
 send_error(conn, EACCES);
 return;
 }
@@ -470,7 +470,7 @@
 return;
 }
- if (conn->id != 0) {
+ if (domain_is_unprivileged(conn)) {
 send_error(conn, EACCES);
 return;
 }
@@ -507,7 +507,7 @@
 return;
 }
- if (conn->id != 0) {
+ if (domain_is_unprivileged(conn)) {
 send_error(conn, EACCES);
 return;
 }
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
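Review bot: The gates in the -470 and -507 hunks test privilege alone, while those in the -354 and -418 hunks also require `conn->can_write`. If the two later handlers change state, the same `|| !conn->can_write` term belongs there; if the difference is deliberate, a one-line comment should say why a read-only privileged connection may reach them. Which handlers these are is not visible in the hunks, so this is a question for the author rather than a confirmed defect. The four identical `send_error(conn, EACCES); return;` blocks could also move into one small static helper, so the privileged-operation gate is defined in a single place. All four enclosing functions start and end outside their hunks.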