Xen project Mailing List

Re: [Xen-devel] [PATCH] xenstore: document xs_set_permissions

To: Ian Campbell <ian.campbell@xxxxxxxxxx>

Date: Tue, 31 Mar 2015 13:11:14 +0100

Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx

Delivery-date: Tue, 31 Mar 2015 12:11:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Mar 31, 2015 at 01:08:32PM +0100, Ian Campbell wrote: > On Tue, 2015-03-31 at 11:24 +0100, Wei Liu wrote: > > Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> > > Cc: Ian Campbell <ian.campbell@xxxxxxxxxx> > > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > > Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> > > One comment/suggestion: > > --- > > tools/xenstore/include/xenstore.h | 26 ++++++++++++++++++++++++-- > > 1 file changed, 24 insertions(+), 2 deletions(-) > > > > diff --git a/tools/xenstore/include/xenstore.h > > b/tools/xenstore/include/xenstore.h > > index b4b113e..6af5978 100644 > > --- a/tools/xenstore/include/xenstore.h > > +++ b/tools/xenstore/include/xenstore.h > > @@ -149,8 +149,30 @@ struct xs_permissions *xs_get_permissions(struct > > xs_handle *h, > > xs_transaction_t t, > > const char *path, unsigned int *num); > > > > -/* Set permissions of node (must be owner). > > - * Returns false on failure. > > +/* Set permissions of node (must be owner). Returns false on failure. > > + * > > + * Domain 0 may read / write anywhere in the store, regardless of > > + * permission settings. > > + * > > + * Note: > > + * The perms array is a list of (domid, permissions) pairs. The first > > + * element in the list specifies the owner of the list, plus the flags > > + * for every domain not explicitly specified subsequently. The > > + * subsequent entries are normal capabilities. > > + * > > + * Example C code: > > + * > > + * struct xs_permissions perms[2]; > > + * > > + * perms[0].id = dm_domid; > > + * perms[0].perms = XS_PERM_NONE; > > + * perms[1].id = guest_domid; > > + * perms[1].perms = XS_PERM_READ; > > + * > > + * It means the owner of the path is domain $dm_domid, > > Is it worth mentioning explicitly that the owner always gets an implicit > XS_PERM_READ|XS_PERM_WRITE? > No problem. I will send out v2 with this information and your ack. Wei. > > all other > > + * domains (unless specified in subsequent pair) can neither read from > > + * nor write to that path. It then specifies domain $guest_domid can > > + * read from that path. > > */ > > bool xs_set_permissions(struct xs_handle *h, xs_transaction_t t, > > const char *path, struct xs_permissions *perms, > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.