tools/xenstore: allow special watches for privileged callers only
author Juergen Gross <jgross@suse.com>
Thu, 11 Jun 2020 14:12:45 +0000 (16:12 +0200)
committer Jan Beulich <jbeulich@suse.com>
Tue, 15 Dec 2020 13:06:17 +0000 (14:06 +0100)
commit 5073c6b169dd12ec02afc145d4177f97831646e0
tree e0c6356505a15a63aaf10c6afe1b2373b72a2ebc
parent 52593586d58086fe27cfbed3dc9beeae3d9c8c09

The special watches "@introduceDomain" and "@releaseDomain" should be
allowed for privileged callers only, as they allow gaining information
about the presence of other guests on the host. So send watch events for
those watches via privileged connections only.

In order to allow for disaggregated setups where e.g. driver domains
need to make use of those special watches, add support for calling
"set permissions" for those special nodes, too.

This is part of XSA-115.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Paul Durrant <paul@xen.org>
docs/misc/xenstore.txt
tools/xenstore/xenstored_core.c
tools/xenstore/xenstored_core.h
tools/xenstore/xenstored_domain.c
tools/xenstore/xenstored_domain.h
tools/xenstore/xenstored_watch.c
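
The rule the commit message describes, as an added C sketch that is not the patch and not xenstored's own code: an event for a special watch is sent to a connection only if that connection is privileged or the special node's ACL grants its domain read access. The struct layout, function names and domain IDs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model with hypothetical names; not xenstored's data structures. */
enum { PERM_NONE = 0, PERM_READ = 1, MAX_ACL = 4 };
struct perm_entry { unsigned domid; unsigned perms; };
struct conn { unsigned domid; bool privileged; };
/* acl[0] is the owner; its perms are the default for domains not listed. */
struct special_node { const char *name; struct perm_entry acl[MAX_ACL]; size_t n; };

/* Constructed sample data: dom0 (privileged), a driver domain, a plain guest. */
struct special_node introduce = { "@introduceDomain", { { 0, PERM_NONE } }, 1 };
const struct conn sample[3] = { { 0, true }, { 5, false }, { 7, false } };

static unsigned perms_for(const struct special_node *node, unsigned domid)
{
    if (node->acl[0].domid == domid)
        return PERM_READ;                 /* owner can always read */
    for (size_t i = 1; i < node->n; i++)
        if (node->acl[i].domid == domid)
            return node->acl[i].perms;
    return node->acl[0].perms;            /* default for everyone else */
}

/* Gate applied before a special watch event is queued on a connection. */
bool may_receive_special_event(const struct conn *c, const struct special_node *node)
{
    return c->privileged || (perms_for(node, c->domid) & PERM_READ) != 0;
}

/* Assumption of this sketch: only a privileged caller may replace the ACL. */
bool set_special_perms(const struct conn *c, struct special_node *node,
                       const struct perm_entry *acl, size_t n)
{
    if (!c->privileged || n == 0 || n > MAX_ACL)
        return false;
    for (size_t i = 0; i < n; i++)
        node->acl[i] = acl[i];
    node->n = n;
    return true;
}

int main(void)
{
    const struct perm_entry acl[] = { { 0, PERM_NONE }, { 5, PERM_READ } };
    bool before = may_receive_special_event(&sample[1], &introduce);
    set_special_perms(&sample[0], &introduce, acl, 2);
    return (!before && may_receive_special_event(&sample[1], &introduce)) ? 0 : 1;
}
```

With the default ACL, only the privileged connection is notified; after the privileged caller grants read access to domain 5, the driver domain is notified as well while the plain guest still is not.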