From: Ian Campbell <Ian.Campbell@citrix.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: [PATCH 16/18] xenstored: use domain_is_unprivileged instead of checking conn->id
Date: Wed, 18 Jan 2012 11:44:37 +0000
Message-ID: <1326887077.14689.214.camel@zakaz.uk.xensource.com>
In-Reply-To: <1326411330-7915-17-git-send-email-dgdegra@tycho.nsa.gov>

On Thu, 2012-01-12 at 23:35 +0000, Daniel De Graaf wrote:
> This centralizes all the permission checking for privileged domains in
> preparation for allowing domains other than dom0 to be privileged.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
>  tools/xenstore/xenstored_core.c   |    6 +++---
>  tools/xenstore/xenstored_domain.c |    8 ++++----
>  2 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
> index 4ec63f1..eea5fd6 100644
> --- a/tools/xenstore/xenstored_core.c
> +++ b/tools/xenstore/xenstored_core.c
> @@ -488,7 +488,7 @@ static enum xs_perm_type perm_for_conn(struct connection *conn,
>  		mask &= ~XS_PERM_WRITE;
>  
>  	/* Owners and tools get it all... */
> -	if (!conn->id || perms[0].id == conn->id
> +	if (!domain_is_unprivileged(conn) || perms[0].id == conn->id

domain_is_unprivileged is:
        conn && conn->domain && conn->domain->domid != 0
        
which isn't quite the same as the code being replaced. The difference
appears to be that conn->id is valid for socket connections as well as
domain connections, whereas conn->domain is only present for domain
connections.

Does this change not mean that, for the dom0-process xenstored
configuration, we now treat socket-based connections as unprivileged
where previously they would be unprivileged?


>                  || (conn->target && perms[0].id == conn->target->id))
>  		return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
>  
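
Review bot: in perm_for_conn the privilege test now goes through conn->domain (via domain_is_unprivileged, as quoted in the reply above) while the ownership comparisons on the same line and the next still use conn->id, so a connection with no conn->domain receives the full READ|WRITE|OWNER mask whatever its conn->id is. The commit message describes the patch as centralizing the checks only; please state there either that conn->id is always 0 when conn->domain is absent, or that the change for such connections is intended.
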
> @@ -826,11 +826,11 @@ static struct node *construct_node(struct connection *conn, const char *name)
>  	node->tdb = tdb_context(conn);
>  	node->name = talloc_strdup(node, name);
>  
> -	/* Inherit permissions, except domains own what they create */
> +	/* Inherit permissions, except unprivileged domains own what they create */
>  	node->num_perms = parent->num_perms;
>  	node->perms = talloc_memdup(node, parent->perms,
>  				    node->num_perms * sizeof(node->perms[0]));
> -	if (conn && conn->id)
> +	if (domain_is_unprivileged(conn))
>  		node->perms[0].id = conn->id;
>  
>  	/* No children, no data */
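
Review bot: in construct_node the guard and the value it protects now come from different fields: the guard tests conn->domain->domid through the helper, but the owner written is still `node->perms[0].id = conn->id`. If those two can ever differ, the node ends up owned by an id other than the one that was checked; consider assigning the domid the helper tested, or say in the updated comment that the two are always equal for domain connections.
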
> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
> index 648eb1d..5f4a09e 100644
> --- a/tools/xenstore/xenstored_domain.c
> +++ b/tools/xenstore/xenstored_domain.c
> @@ -336,7 +336,7 @@ void do_introduce(struct connection *conn, struct buffered_data *in)
>  		return;
>  	}
>  
> -	if (conn->id != 0 || !conn->can_write) {
> +	if (domain_is_unprivileged(conn) || !conn->can_write) {
>  		send_error(conn, EACCES);
>  		return;
>  	}
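
Review bot: the do_introduce check moves from rejecting every non-zero conn->id to rejecting only connections the helper positively identifies as an unprivileged domain, so for this privileged operation a connection without conn->domain is allowed by default. A comment at this check, or on the helper itself, saying that such connections are trusted by design would make the fail-open direction explicit for later readers.
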
> @@ -413,7 +413,7 @@ void do_set_target(struct connection *conn, struct buffered_data *in)
>  		return;
>  	}
>  
> -	if (conn->id != 0 || !conn->can_write) {
> +	if (domain_is_unprivileged(conn) || !conn->can_write) {
>  		send_error(conn, EACCES);
>  		return;
>  	}
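
Review bot: do_set_target repeats the exact condition used in do_introduce, `domain_is_unprivileged(conn) || !conn->can_write`. Since the stated aim is to centralize the privilege checks, consider folding this pair into one shared check so that a later change to what counts as privileged touches a single place.
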
> @@ -465,7 +465,7 @@ void do_release(struct connection *conn, const char *domid_str)
>  		return;
>  	}
>  
> -	if (conn->id != 0) {
> +	if (domain_is_unprivileged(conn)) {
>  		send_error(conn, EACCES);
>  		return;
>  	}
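
Review bot: do_release tests only domain_is_unprivileged(conn), whereas do_introduce and do_set_target above also require conn->can_write. The hunk carries the old asymmetry over unchanged (do_resume has the same shape); if a read-only privileged connection is meant to be able to release a domain, a one-line comment would record that, otherwise this is the natural place to align the checks.
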
> @@ -502,7 +502,7 @@ void do_resume(struct connection *conn, const char *domid_str)
>  		return;
>  	}
>  
> -	if (conn->id != 0) {
> +	if (domain_is_unprivileged(conn)) {
>  		send_error(conn, EACCES);
>  		return;
>  	}
