[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] docs: clarify xenstore permission documentation
- To: Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Thu, 9 Feb 2023 15:15:33 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=R1dy27LkRf7OQPFi3BOzbyJXyGzwsItRcKR442purcQ=; b=mPwVGXx6QwuRpIZGQUSkBSx8oaPDksXeKcvRqioBQHYi1n1fMTvHuGex5GJvGr6GAtBm4JpTy/6ZMxamWFHEL88S8oKbvaaBxAUhMyMGG00qYyheegAsbhKrXagWaIUGtdLRIRdkC3ZEOdgwknajejXMoaPJBnYwMAm9E9PffOXhRqL3mP5MMsBb60+o69OX2sYQr5VQrm5O9DVku/QmV2/6HT7dHZMX18+HQ9UC6pvZmIblkkAUqWOsNFj1THph+T1HlG3+JYlpYefcbghwYrr0JQBA65jz2/vybEzzhEM6YtC/IwUp9Tj5eQjC8SXBqLPqZQ/fQLc1eFxSBOVQxQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W2EotzuG5oPOfW7TwThUSh5rn+6y45bw1WVxrUoERe7/bHcZVmo+RNKm6dvKVlEm5cp3Mt7AB97zAiECr4cQLUqOilAax9OwzYfjwU9QbKRUJctHQvTU8lJEGJ/qmi5UsVAeCFBtNCyCpsYYYpbWEU0ijYD7IOVTJ6q6XvKbzydFQnyZ7mgpKVlSidwfTjV5J7IcqpL1SaqP420Gx5FEgy9eiI0iD1zsa7VZ7PCbzOkIyj79lwdGdJrGds7bIuAT1qWL8Tsi+ocsXCS7SclHdvR7uAKj3xRnXKSQcvmnQvDac4AlzRjdZ45UgnAZKO3N96HCJhHNAncHyxtqlGQs3A==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Edwin Torok <edvin.torok@xxxxxxxxxx>
- Delivery-date: Thu, 09 Feb 2023 15:16:24 +0000
- Ironport-data: A9a23:M8nrm6qGxX4YTpujrtqgBhwOhAheBmL8ZBIvgKrLsJaIsI4StFCzt garIBmGOv/bZjShf9AlbN+//EwOusKGytRrSQY5pC01HnkVopuZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpA1c/Ek/NsDo788YhmIlknNOlNA2Ev NL2sqX3NUSsnjV5KQr40YrawP9UlKm06WxwUmAWP6gR5weEzyhNV/rzGInqR5fGatgMdgKFb 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay RAXADwKMhveveaJ+ZKqSuJrj5QtcZLtP7pK7xmMzRmBZRonabbqZvySoPN9gnI3jM0IGuvCb c0EbzYpdA7HfxBEJlYQDtQ5gfusgX78NTZfrTp5p4JuuzSVkFM3jeiraYKKEjCJbZw9ckKwj 2TK5WnmRDodM8SS02Gt+XOwnO7f2yj8Xer+EZXpqKU13wzDmwT/DjUrRHqCjfjgjXKEfMkHG V4+93YOq7c9oRnDot7VGkfQTGS/lhwTQd1LCMUh9RqAjKHT5m6xFmUCCzJMdtEinMs3XiAxk E+EmcvzAj5iu6HTTmiSnp+Wpz6vPSkeLUcZeDQJCwAC5rHLopw3jx/JZsZuFuiylNKdMSrr3 zmAoSw6hrMSpc0GzaO2+RbAmT3EjofNZh444EPQRG3N0+9iTIusZojt5V2F6/9Fdd6dVgPY5 CdCnNWC5ucTC53LjDaKXOgGALCu4bCCLSHYhllsWZIm8lxB5kKeQGyZ2xkmTG8BDyrOUWO1C KMPkWu9PKNuAUY=
- Ironport-hdrordr: A9a23:XkVGHKDIhC3WFDjlHel+55DYdb4zR+YMi2TDtnoBMyC9F/byqy nAppomPHPP5Qr5G0tBpTn4AtjnfZqEz+8N3WBzB9aftWvdyRCVxehZhOOJ/9SKIULDH4BmuZ uIPJIOa+HYPBxWgcP7/wWiA78bsby6GMfBv5an857Bd3APV0gl1XYfNi+LVkl7XhNPC5YaGI r03Lskmwad
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 09/02/2023 2:41 pm, Juergen Gross wrote:
> In docs/misc/xenstore.txt the description of the Xenstore node access
> permissions is missing one important aspect, which can be found only
> in the code or in the wiki [1]:
>
> The first permission entry is defining the owner of the node via the
> domid, and the access rights for all domains NOT having a dedicated
> permission entry.
>
> Make that aspect clear in the official documentation.
>
> [1]: https://wiki.xenproject.org/wiki/XenBus#Permissions
>
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
I feel as if Edvin deserves some kind of credit here, seeing as it was
his observation...
Also, CC to double check the wording.
~Andrew
> ---
> docs/misc/xenstore.txt | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt
> index 8887e7df88..d807ef0709 100644
> --- a/docs/misc/xenstore.txt
> +++ b/docs/misc/xenstore.txt
> @@ -45,13 +45,16 @@ them to within 2048 bytes. (See XENSTORE_*_PATH_MAX in
> xs_wire.h.)
>
> Each node has one or multiple permission entries. Permissions are
> granted by domain-id, the first permission entry of each node specifies
> -the owner of the node. Permissions of a node can be changed by the
> -owner of the node, the owner can only be modified by the control
> -domain (usually domain id 0). The owner always has the right to read
> -and write the node, while other permissions can be setup to allow
> -read and/or write access. When a domain is being removed from Xenstore
> -nodes owned by that domain will be removed together with all of those
> -nodes' children.
> +the owner of the node, who always has full access to the node (read and
> +write permission). The access rights of the first entry specify the
> +allowed access for all domains not having a dedicated permission entry
> +(the default is "n", removing access for all domains not explicitly
> +added via additional permission entries). Permissions of a node can be
> +changed by the owner of the node, the owner can only be modified by the
> +control domain (usually domain id 0). Other permissions can be setup to
> +allow read and/or write access for other domains. When a domain is
> +being removed from Xenstore nodes owned by that domain will be removed
> +together with all of those nodes' children.
>
>
> Communication with xenstore is via either sockets, or event channel
|