
Re: [Xen-devel] [PATCH 18/18] xenstored: add --priv-domid parameter



On Wed, 2012-01-11 at 17:21 +0000, Daniel De Graaf wrote:
> This parameter identifies an alternative service domain which has
> superuser access to the xenstore database, which is currently required
> to set up a new domain's xenstore entries.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
>  tools/xenstore/xenstored_core.c   |    5 +++++
>  tools/xenstore/xenstored_core.h   |    1 +
>  tools/xenstore/xenstored_domain.c |    2 +-
>  3 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
> index 65ceb2c..4437c8d 100644
> --- a/tools/xenstore/xenstored_core.c
> +++ b/tools/xenstore/xenstored_core.c
> @@ -1777,6 +1777,7 @@ static struct option options[] = {
>       { "event", 1, NULL, 'e' },
>       { "help", 0, NULL, 'H' },
>       { "no-fork", 0, NULL, 'N' },
> +     { "priv-domid", 1, NULL, 'p' },
>       { "output-pid", 0, NULL, 'P' },
>       { "entry-size", 1, NULL, 'S' },
>       { "trace-file", 1, NULL, 'T' },
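
Review bot: the new `--priv-domid` entry in `options[]` has no matching help text. The diffstat's 5 insertions in xenstored_core.c are fully accounted for by this entry, the `priv_domid` global and the `case 'p'` block, so the output of `--help` is not updated. Add a usage line saying the argument is the domid that receives superuser access to the xenstore database.
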
> @@ -1789,6 +1790,7 @@ static struct option options[] = {
>  
>  extern void dump_conn(struct connection *conn); 
>  int dom0_event = 0;
> +int priv_domid = 0;
>  
>  int main(int argc, char *argv[])
>  {
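
Review bot: `int priv_domid = 0;` is added without a comment, and its default of 0 doubles as "option not given", since 0 is also the domid that domain_is_unprivileged() already exempts. A one-line comment next to the definition stating that would save readers from inferring it from the check in xenstored_domain.c.
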
> @@ -1854,6 +1856,9 @@ int main(int argc, char *argv[])
>               case 'e':
>                       dom0_event = strtol(optarg, NULL, 10);
>                       break;
> +             case 'p':
> +                     priv_domid = strtol(optarg, NULL, 10);
> +                     break;
>               }
>       }
>       if (optind != argc)
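
Review bot: `case 'p'` stores `strtol(optarg, NULL, 10)` unchecked, so a non-numeric argument silently becomes 0 and a negative or out-of-range value is converted to `int` without any error. Because this value names the domain that gets superuser access to the store, pass an end pointer to strtol, check it together with `errno` and the range, and exit with an error on bad input instead of copying the pattern used by `case 'e'`.
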
> diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h
> index d3040ba..03e2e48 100644
> --- a/tools/xenstore/xenstored_core.h
> +++ b/tools/xenstore/xenstored_core.h
> @@ -169,6 +169,7 @@ void dtrace_io(const struct connection *conn, const 
> struct buffered_data *data,
>  
>  extern int event_fd;
>  extern int dom0_event;
> +extern int priv_domid;
>  
>  /* Map the kernel's xenstore page. */
>  void *xenbus_map(void);
> diff --git a/tools/xenstore/xenstored_domain.c 
> b/tools/xenstore/xenstored_domain.c
> index 5bf16e8..ba9a5ef 100644
> --- a/tools/xenstore/xenstored_domain.c
> +++ b/tools/xenstore/xenstored_domain.c
> @@ -241,7 +241,7 @@ bool domain_can_read(struct connection *conn)
>  
>  bool domain_is_unprivileged(struct connection *conn)
>  {
> -     return (conn && conn->domain && conn->domain->domid != 0);
> +     return (conn && conn->domain && conn->domain->domid != 0 && 
> conn->domain->domid != priv_domid);

Is it deliberate / desirable that both dom0 and domPRIV are privileged
when this option is used? Or should it be just one or the other, which
is equivalent to removing the domid!=0 check since priv_domid defaults
to 0.

Ian.

>  }
>  
>  bool domain_can_write(struct connection *conn)
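
Review bot: the new return in domain_is_unprivileged() keeps `domid != 0` and adds `domid != priv_domid`, so the set of privileged domains now depends on a global with no comment at the check itself, and the statement runs well past 80 columns. Add a comment above the function stating which domains are treated as privileged, and split the condition across lines.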



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

