tools/xenstore: allow special watches for privileged callers only
author Juergen Gross <jgross@suse.com>
Thu, 11 Jun 2020 14:12:45 +0000 (16:12 +0200)
committer Hans van Kranenburg <hans@knorrie.org>
Tue, 15 Dec 2020 11:28:46 +0000 (12:28 +0100)
commit 0ecf7959153a9b9b5c362c872dcd4e3ef24269c6
tree 234e7fb0328364a34a4928522144dfe186ecae32
parent ff1832016ae3b187b2246672ce14cbe3c06273dc

The special watches "@introduceDomain" and "@releaseDomain" should be
allowed for privileged callers only, as they allow gaining information
about the presence of other guests on the host. So send watch events for
those watches via privileged connections only.

In order to allow for disaggregated setups where e.g. driver domains
need to make use of those special watches, add support for calling
"set permissions" for those special nodes, too.

This is part of XSA-115.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Paul Durrant <paul@xen.org>

docs/misc/xenstore.txt
tools/xenstore/xenstored_core.c
tools/xenstore/xenstored_core.h
tools/xenstore/xenstored_domain.c
tools/xenstore/xenstored_domain.h
tools/xenstore/xenstored_watch.c