[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.

To: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Fri, 2 Jul 2010 17:50:35 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 02 Jul 2010 09:51:39 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Tim Deegan writes ("[Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C 
xenstore client libs."):
> The OCaml xenstored supports the XS_RESTRICT operation, which
> deprivileges a dom0 xenstore connection so it can only affect one
> domain's entries.   Add the relevant definitions to the C libraries 
> so that callers can use it. 

Can you explain what this is for, please ?  If it's for security
against a hostile caller, what prevents the caller from simply opening
another xenstore connection ?

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.
  - From: Keir Fraser

References:
- [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.
  - From: Tim Deegan

Prev by Date: RE: [Xen-devel] Multi-vcpu HVM Linux domain hanging during boot
Next by Date: Re: [Xen-devel] State of gdbsx in xen-4.0-testing.hg and debugger documentation.
Previous by thread: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.
Next by thread: Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.