Re: [Xen-users] Mini-OS Xenstore Permissions

[Ian Campbell <Ian.Campbell@xxxxxxxxxx>]

On Mon, 2012-07-02 at 16:45 +0100, Adrian Shaw wrote:
> Good evening to you all,
> 
> 
> Apologies if this is a naive question. 
> I am currently working on the Mini-OS stubdomain and trying to access
> the Xenstore.
> Mini-OS has its own implementation for accessing the Xenstore
> (xs_wire.h) with functions such as xs_write, xs_read etc
> However when the stubdomain is run it doesn't even have permission to
> access its own local area in the Xenstore,

access == write or read as well?

> e.g. /local/domain/16 

Where are you getting this path from at runtime?

Is it just /local/domain/<domid> or subkeys under it too e.g. can you
read /local/domain/<domid>/vm or /local/domain/<domid>/name?

> 
> (I get an EACESS error code)
> 
> 
> I have tried reading the wiki but it isn't clear when permissions need
> to be set.


> Are they meant to be set before the stubdomain is launched?
> Is it like this by default?

The toolstack should do this for you, before launching the domain.

How are you loading the domain?

"xenstore-ls -fp" should give you some insight into the permissions
which are being set. I wouldn't be surprised if a domain could not write
to /local/domain/<domid> itself but there should be accessible keys
under there.

> Furthermore, is Mini-OS capable of setting permissions for other
> guests to access a particular path in the Xenstore, using a C call?
> So far I have not seen anything that does this.

Usually only the toolstack can control permissions in this way.

This is relaxed slightly for a qemu-stubdomain which does have some
additional XS privileges over the domain for which it is the device
model (but only that domain).

> I'd be grateful if you can clear up this confusion I'm having.
> 
> 
> Regards,
> 
> 
> Adrian



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users