From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>, Ian Jackson <iwj@xenproject.org>,
Wei Liu <wl@xen.org>
Subject: [PATCH 3/5] tools/libs/store: drop read-only functionality
Date: Fri, 2 Oct 2020 17:41:39 +0200 [thread overview]
Message-ID: <20201002154141.11677-4-jgross@suse.com> (raw)
In-Reply-To: <20201002154141.11677-1-jgross@suse.com>
Today it is possible to open the connection in read-only mode via
xs_daemon_open_readonly(). This is working only with Xenstore running
as a daemon in the same domain as the user. Additionally it doesn't
add any security as accessing the socket used for that functionality
requires the same privileges as the socket used for full Xenstore
access.
So just drop the read-only semantics in all cases, leaving the
interface existing only for compatibility reasons. This in turn
requires to just ignore the XS_OPEN_READONLY flag.
Signed-off-by: Juergen Gross <jgross@suse.com>
---
tools/libs/store/include/xenstore.h | 8 --------
tools/libs/store/xs.c | 7 ++-----
2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/tools/libs/store/include/xenstore.h b/tools/libs/store/include/xenstore.h
index cbc7206a0f..158e69ef83 100644
--- a/tools/libs/store/include/xenstore.h
+++ b/tools/libs/store/include/xenstore.h
@@ -60,15 +60,12 @@ typedef uint32_t xs_transaction_t;
/* Open a connection to the xs daemon.
* Attempts to make a connection over the socket interface,
* and if it fails, then over the xenbus interface.
- * Mode 0 specifies read-write access, XS_OPEN_READONLY for
- * read-only access.
*
* * Connections made with xs_open(0) (which might be shared page or
* socket based) are only guaranteed to work in the parent after
* fork.
* * xs_daemon_open*() and xs_domain_open() are deprecated synonyms
* for xs_open(0).
- * * XS_OPEN_READONLY has no bearing on any of this.
*
* Returns a handle or NULL.
*/
@@ -83,11 +80,6 @@ void xs_close(struct xs_handle *xsh /* NULL ok */);
*/
struct xs_handle *xs_daemon_open(void);
struct xs_handle *xs_domain_open(void);
-
-/* Connect to the xs daemon (readonly for non-root clients).
- * Returns a handle or NULL.
- * Deprecated, please use xs_open(XS_OPEN_READONLY) instead
- */
struct xs_handle *xs_daemon_open_readonly(void);
/* Close the connection to the xs daemon.
diff --git a/tools/libs/store/xs.c b/tools/libs/store/xs.c
index 320734416f..4ac73ec317 100644
--- a/tools/libs/store/xs.c
+++ b/tools/libs/store/xs.c
@@ -302,7 +302,7 @@ struct xs_handle *xs_daemon_open(void)
struct xs_handle *xs_daemon_open_readonly(void)
{
- return xs_open(XS_OPEN_READONLY);
+ return xs_open(0);
}
struct xs_handle *xs_domain_open(void)
@@ -314,10 +314,7 @@ struct xs_handle *xs_open(unsigned long flags)
{
struct xs_handle *xsh = NULL;
- if (flags & XS_OPEN_READONLY)
- xsh = get_handle(xs_daemon_socket_ro());
- else
- xsh = get_handle(xs_daemon_socket());
+ xsh = get_handle(xs_daemon_socket());
if (!xsh)
xsh = get_handle(xs_domain_dev());
--
2.26.2
next prev parent reply other threads:[~2020-10-02 15:42 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-02 15:41 [PATCH 0/5] tools/xenstore: remove read-only socket Juergen Gross
2020-10-02 15:41 ` [PATCH 1/5] tools/xenstore: remove socket-only option from xenstore client Juergen Gross
2020-10-02 15:41 ` [PATCH 2/5] tools/libs/store: ignore XS_OPEN_SOCKETONLY flag Juergen Gross
2020-10-02 15:41 ` Juergen Gross [this message]
2020-10-07 10:54 ` [PATCH 3/5] tools/libs/store: drop read-only functionality Wei Liu
2020-10-07 10:57 ` Jürgen Groß
2020-10-07 11:50 ` Andrew Cooper
2020-10-07 12:45 ` Jürgen Groß
2020-10-07 13:54 ` Wei Liu
2020-10-02 15:41 ` [PATCH 4/5] tools: drop all deprecated usages of xs_*_open() and friends in tools Juergen Gross
2020-10-02 15:41 ` [PATCH 5/5] tools/xenstore: drop creation of read-only socket in xenstored Juergen Gross
2020-10-08 12:54 ` [PATCH 0/5] tools/xenstore: remove read-only socket Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201002154141.11677-4-jgross@suse.com \
--to=jgross@suse.com \
--cc=iwj@xenproject.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.