tools/xenstore: allow special watches for privileged callers only
author Juergen Gross <jgross@suse.com>
Tue, 15 Dec 2020 12:34:56 +0000 (13:34 +0100)
committer Jan Beulich <jbeulich@suse.com>
Tue, 15 Dec 2020 12:34:56 +0000 (13:34 +0100)
commit 190ddd3403bad28167a070388a904b02b956093c
tree b3b837a14169a7fc627de147089a7ded678fc539
parent 53dabb1fdb30788f9e1826c3543ecf19d37d60d4
tools/xenstore: allow special watches for privileged callers only

The special watches "@introduceDomain" and "@releaseDomain" should be
allowed for privileged callers only, as they allow gaining information
about the presence of other guests on the host. So send watch events for
those watches via privileged connections only.

In order to allow for disaggregated setups where e.g. driver domains
need to make use of those special watches, add support for calling
"set permissions" for those special nodes, too.

This is part of XSA-115.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Paul Durrant <paul@xen.org>
docs/misc/xenstore.txt
tools/xenstore/xenstored_core.c
tools/xenstore/xenstored_core.h
tools/xenstore/xenstored_domain.c
tools/xenstore/xenstored_domain.h
tools/xenstore/xenstored_watch.c
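
A model of the access check the commit message describes, added here as an illustration and not taken from the xenstored sources: a watch event for a special node is delivered only on a privileged connection or on one that was granted read access through "set permissions". All type and function names are hypothetical, and the default owner (domain 0) and the rule that only privileged callers may change the permissions are assumptions of this model.

```c
/* Added example: a model of the policy, not xenstored code. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

enum { PERM_NONE = 0, PERM_READ = 1, PERM_WRITE = 2 };

struct perm { unsigned int domid; int access; };

/* perms[0] names the owner; its access field is the default for unlisted domains. */
struct special_node {
    const char *name;
    struct perm perms[4];
    size_t nperms;
};

struct conn { unsigned int domid; bool privileged; };

/* Assumed default: owned by domain 0, no access for any other domain. */
static struct special_node introduce = { "@introduceDomain", { { 0, PERM_NONE } }, 1 };

static bool is_special(const char *name) { return name[0] == '@'; }

/* Decide whether a watch event for `node` may be sent on connection `c`. */
static bool event_permitted(const struct conn *c, const struct special_node *node)
{
    if (c->privileged || c->domid == node->perms[0].domid)
        return true;
    for (size_t i = 1; i < node->nperms; i++)
        if (node->perms[i].domid == c->domid)
            return (node->perms[i].access & PERM_READ) != 0;
    return (node->perms[0].access & PERM_READ) != 0;   /* fall back to the default */
}

/* Model of "set permissions" on a special node: grant read access to one domain,
 * e.g. a driver domain in a disaggregated setup. Privileged callers only (assumed). */
static bool grant_read(const struct conn *caller, struct special_node *node,
                       unsigned int domid)
{
    if (!caller->privileged || !is_special(node->name) || node->nperms >= 4)
        return false;
    node->perms[node->nperms++] = (struct perm){ domid, PERM_READ };
    return true;
}
```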