[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] xenstore: document xs_set_permissions
Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> Cc: Ian Campbell <ian.campbell@xxxxxxxxxx> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- tools/xenstore/include/xenstore.h | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/tools/xenstore/include/xenstore.h b/tools/xenstore/include/xenstore.h index b4b113e..6af5978 100644 --- a/tools/xenstore/include/xenstore.h +++ b/tools/xenstore/include/xenstore.h @@ -149,8 +149,30 @@ struct xs_permissions *xs_get_permissions(struct xs_handle *h, xs_transaction_t t, const char *path, unsigned int *num); -/* Set permissions of node (must be owner). - * Returns false on failure. +/* Set permissions of node (must be owner). Returns false on failure. + * + * Domain 0 may read / write anywhere in the store, regardless of + * permission settings. + * + * Note: + * The perms array is a list of (domid, permissions) pairs. The first + * element in the list specifies the owner of the list, plus the flags + * for every domain not explicitly specified subsequently. The + * subsequent entries are normal capabilities. + * + * Example C code: + * + * struct xs_permissions perms[2]; + * + * perms[0].id = dm_domid; + * perms[0].perms = XS_PERM_NONE; + * perms[1].id = guest_domid; + * perms[1].perms = XS_PERM_READ; + * + * It means the owner of the path is domain $dm_domid, all other + * domains (unless specified in subsequent pair) can neither read from + * nor write to that path. It then specifies domain $guest_domid can + * read from that path. */ bool xs_set_permissions(struct xs_handle *h, xs_transaction_t t, const char *path, struct xs_permissions *perms, -- 1.9.1 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |