[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.16] docs: enhance xenstore.txt with permissions description

commit 1f5b394d6ed0ee26b5878bd0cdf4a698bbc4294f
Author:     Juergen Gross <jgross@xxxxxxxx>
AuthorDate: Tue Sep 13 07:35:13 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Nov 1 14:07:24 2022 +0000

    docs: enhance xenstore.txt with permissions description
    
    The permission scheme of Xenstore nodes is not really covered by
    docs/misc/xenstore.txt, other than referring to the Xen wiki.
    
    Add a paragraph explaining the permissions of nodes, and especially
    mentioning removal of nodes when a domain has been removed from
    Xenstore.
    
    This is part of XSA-419.
    
    Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
    Reviewed-by: Edwin Török <edvin.torok@xxxxxxxxxx>
    Acked-by: Julien Grall <jgrall@xxxxxxxxxx>
    (cherry picked from commit d084d2c6dff7044956ebdf83a259ad6081a1d921)
---
 docs/misc/xenstore.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt
index a7d006519a..eccd596ee3 100644
--- a/docs/misc/xenstore.txt
+++ b/docs/misc/xenstore.txt
@@ -43,6 +43,17 @@ bytes are forbidden; clients specifying relative paths 
should keep
 them to within 2048 bytes.  (See XENSTORE_*_PATH_MAX in xs_wire.h.)
 
 
+Each node has one or multiple permission entries.  Permissions are
+granted by domain-id, the first permission entry of each node specifies
+the owner of the node.  Permissions of a node can be changed by the
+owner of the node, the owner can only be modified by the control
+domain (usually domain id 0).  The owner always has the right to read
+and write the node, while other permissions can be setup to allow
+read and/or write access.  When a domain is being removed from Xenstore
+nodes owned by that domain will be removed together with all of those
+nodes' children.
+
+
 Communication with xenstore is via either sockets, or event channel
 and shared memory, as specified in io/xs_wire.h: each message in
 either direction is a header formatted as a struct xsd_sockmsg
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.