[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Mini-OS Xenstore Permissions

Apologies for the late reply, I was without an internet connection.

On Mon, Jul 2, 2012 at 5:24 PM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
On Mon, 2012-07-02 at 17:12 +0100, Adrian Shaw wrote:

>
>         > e.g. /local/domain/16
>
>         Where are you getting this path from at runtime?
>
> Using xs_get_domain_path

Doh, yeah ;-)

Where do you get the domid from?

Sorry :-P using xenbus_get_self_id() 
 
>
>         Is it just /local/domain/<domid> or subkeys under it too e.g.
>         can you
>         read /local/domain/<domid>/vm or /local/domain/<domid>/name?
>
>
> I have tried to write subkeys too, however I'm not sure whether I was
> doing so correctly. It yields the same error code.

Those ones are read-only. I know that xl creates a writable area
as /l/d/<domid>/data but I don't know about xend.

> There is no xs_mkdir implementation in Mini-OS, strangely.

I expect noone ever needed it yet, should be easy to add if you want.

As you may have gathered, I don't have the confidence or expertise to write it, but perhaps one day :-)
 
>
>         How are you loading the domain?
>
> Using xm create mystub.config -c, unless you mean something more
> specific?
> Is there anything about permissions I should be placing in the
> configuration file?

Nope, it should all Just Work in this regard.


>
>         "xenstore-ls -fp" should give you some insight into the
>         permissions
>         which are being set.
>
>
> I have tried that already, but couldn't find anything that explains
> what n0 or r0 mean?

http://wiki.xen.org/wiki/XenBus#Permissions has a bit on the (mad)
permission scheme.

It uses Python syntax though. n == no permissions, r == read only, w ==
write only, b == both. The number is the domain. The quirk is that the
first entry in the list is the owner and the permissions for all *other*
users (unless overridden further down the list)

Thanks for clearing that up, noted.
 
Clear as mud I expect...

BY way of an example:

/local/domain/1 = ""   (n0,r1)

Means that domain 0 owns this path and can therefore read and write and
nobody else has any read or write privilege (the "n0" means this),
except domain 1 who can read it (the "r1"). So it seems that it is
expected that a domain cannot write /local/domain/<domid>, but it ought
to be able to read it.


>         I wouldn't be surprised if a domain could not write
>         to /local/domain/<domid> itself but there should be accessible
>         keys
>         under there.
>
>
> How can I browse these available keys at runtime?

xenstore-ls on the cmd line or xs_directory().

Many thanks Ian, I'll give that a shot. Could not figure out what that function was for.
 
Ian.





_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.