
Re: [Xen-users] Mini-OS Xenstore Permissions



On Mon, 2012-07-02 at 17:12 +0100, Adrian Shaw wrote:

>  
>         > e.g. /local/domain/16
>         
>         Where are you getting this path from at runtime?
>         
> Using xs_get_domain_path

Doh, yeah ;-)

Where do you get the domid from?

>  
>         Is it just /local/domain/<domid> or subkeys under it too e.g.
>         can you
>         read /local/domain/<domid>/vm or /local/domain/<domid>/name?
>         
>         
> I have tried to write subkeys too, however I'm not sure whether I was
> doing so correctly. It yields the same error code.

Those ones are read-only. I know that xl creates a writable area
as /l/d/<domid>/data but I don't know about xend.

> There is no xs_mkdir implementation in Mini-OS, strangely. 

I expect no one ever needed it yet, should be easy to add if you want.

>         
>         How are you loading the domain?
>         
> Using xm create mystub.config -c, unless you mean something more
> specific?
> Is there anything about permissions I should be placing in the
> configuration file?

Nope, it should all Just Work in this regard.


>  
>         "xenstore-ls -fp" should give you some insight into the
>         permissions
>         which are being set.
> 
> 
> I have tried that already, but couldn't find anything that explains
> what n0 or r0 mean?

http://wiki.xen.org/wiki/XenBus#Permissions has a bit on the (mad)
permission scheme.

It uses Python syntax though. n == no permissions, r == read only, w ==
write only, b == both. The number is the domain. The quirk is that the
first entry in the list is the owner and the permissions for all *other*
users (unless overridden further down the list).

Clear as mud I expect...

By way of an example:

/local/domain/1 = ""   (n0,r1)

Means that domain 0 owns this path and can therefore read and write and
nobody else has any read or write privilege (the "n0" means this),
except domain 1 who can read it (the "r1"). So it seems that it is
expected that a domain cannot write /local/domain/<domid>, but it ought
to be able to read it.


>         I wouldn't be surprised if a domain could not write
>         to /local/domain/<domid> itself but there should be accessible
>         keys
>         under there.
>         
>         
> How can I browse these available keys at runtime?

xenstore-ls on the cmd line or xs_directory().

Ian.




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
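
The permission-list rules described in the message above (first entry names the owner and the default for everyone else, later entries override per domain), as an added Python example that is not part of the original message. The function names and the second sample line are constructed for illustration; only the list rules stated in the message are modelled.

```python
import re

# Letter meanings as given in the message: none, read only, write only, both.
ACCESS = {"n": (False, False), "r": (True, False),
          "w": (False, True), "b": (True, True)}

def parse_perms(text):
    """Parse a list such as '(n0,r1)' into [(letter, domid), ...]."""
    text = text.strip()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError("expected a parenthesised list: %r" % text)
    entries = []
    for item in text[1:-1].split(","):
        m = re.fullmatch(r"\s*([nrwb])(\d+)\s*", item)
        if m is None:
            raise ValueError("bad permission entry: %r" % item)
        entries.append((m.group(1), int(m.group(2))))
    return entries

def effective_access(perms, domid):
    """Return (can_read, can_write) for domid under a permission list."""
    entries = parse_perms(perms)
    default, owner = entries[0]
    if domid == owner:
        return (True, True)          # the owner can read and write
    for letter, dom in entries[1:]:
        if dom == domid:
            return ACCESS[letter]    # explicit entry overrides the default
    return ACCESS[default]           # first letter applies to everyone else

def parse_ls_line(line):
    """Split one line of 'xenstore-ls -fp' output into (path, perms)."""
    m = re.fullmatch(r'(\S+) = "(.*)"\s+(\(.*\))\s*', line)
    if m is None:
        raise ValueError("unrecognised line: %r" % line)
    return m.group(1), m.group(3)

def audit(lines, domid):
    """Map each path to the (can_read, can_write) pair domid gets on it."""
    return {p: effective_access(perms, domid)
            for p, perms in map(parse_ls_line, lines)}

# First line is the example from the message; the second is constructed.
SAMPLE = ['/local/domain/1 = ""   (n0,r1)',
          '/local/domain/1/data = ""   (n1)']

if __name__ == "__main__":
    for path, (r, w) in audit(SAMPLE, 1).items():
        print(path, "read" if r else "-", "write" if w else "-")
```
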


 

