From dcc12cc1b7405b5435b9a3ee3456af82060c5d8e Mon Sep 17 00:00:00 2001 From: Wei Liu Date: Tue, 31 Mar 2015 13:26:11 +0100 Subject: [PATCH] xenstore: document xs_set_permissions Signed-off-by: Wei Liu Cc: Ian Campbell Cc: Ian Jackson Acked-by: Ian Campbell --- tools/xenstore/include/xenstore.h | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/tools/xenstore/include/xenstore.h b/tools/xenstore/include/xenstore.h index b4b113edd8..43ee93f8dc 100644 --- a/tools/xenstore/include/xenstore.h +++ b/tools/xenstore/include/xenstore.h @@ -149,8 +149,31 @@ struct xs_permissions *xs_get_permissions(struct xs_handle *h, xs_transaction_t t, const char *path, unsigned int *num); -/* Set permissions of node (must be owner). - * Returns false on failure. +/* Set permissions of node (must be owner). Returns false on failure. + * + * Domain 0 may read / write anywhere in the store, regardless of + * permission settings. + * + * Note: + * The perms array is a list of (domid, permissions) pairs. The first + * element in the list specifies the owner of the list, plus the flags + * for every domain not explicitly specified subsequently. The + * subsequent entries are normal capabilities. + * + * Example C code: + * + * struct xs_permissions perms[2]; + * + * perms[0].id = dm_domid; + * perms[0].perms = XS_PERM_NONE; + * perms[1].id = guest_domid; + * perms[1].perms = XS_PERM_READ; + * + * It means the owner of the path is domain $dm_domid (hence it always + * has read and write permission), all other domains (unless specified + * in subsequent pair) can neither read from nor write to that + * path. It then specifies domain $guest_domid can read from that + * path. */ bool xs_set_permissions(struct xs_handle *h, xs_transaction_t t, const char *path, struct xs_permissions *perms, -- 2.30.2