Diffstat (limited to '0081-docs-enhance-xenstore.txt-with-permissions-descripti.patch')
-rw-r--r-- 0081-docs-enhance-xenstore.txt-with-permissions-descripti.patch | 50
1 files changed, 50 insertions, 0 deletions
diff --git a/0081-docs-enhance-xenstore.txt-with-permissions-descripti.patch b/0081-docs-enhance-xenstore.txt-with-permissions-descripti.patch
new file mode 100644
index 0000000..c0b9c4a
--- /dev/null
+++ b/0081-docs-enhance-xenstore.txt-with-permissions-descripti.patch
@@ -0,0 +1,50 @@
+From 1f5b394d6ed0ee26b5878bd0cdf4a698bbc4294f Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Tue, 13 Sep 2022 07:35:13 +0200
+Subject: [PATCH 81/87] docs: enhance xenstore.txt with permissions description
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The permission scheme of Xenstore nodes is not really covered by
+docs/misc/xenstore.txt, other than referring to the Xen wiki.
+
+Add a paragraph explaining the permissions of nodes, and especially
+mentioning removal of nodes when a domain has been removed from
+Xenstore.
+
+This is part of XSA-419.
+
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Edwin Török <edvin.torok@citrix.com>
+Acked-by: Julien Grall <jgrall@amazon.com>
+(cherry picked from commit d084d2c6dff7044956ebdf83a259ad6081a1d921)
+---
+ docs/misc/xenstore.txt | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt
+index a7d006519ae8..eccd596ee38c 100644
+--- a/docs/misc/xenstore.txt
++++ b/docs/misc/xenstore.txt
+@@ -43,6 +43,17 @@ bytes are forbidden; clients specifying relative paths should keep
+ them to within 2048 bytes. (See XENSTORE_*_PATH_MAX in xs_wire.h.)
+
+
++Each node has one or multiple permission entries. Permissions are
++granted by domain-id, the first permission entry of each node specifies
++the owner of the node. Permissions of a node can be changed by the
++owner of the node, the owner can only be modified by the control
++domain (usually domain id 0). The owner always has the right to read
++and write the node, while other permissions can be setup to allow
++read and/or write access. When a domain is being removed from Xenstore
++nodes owned by that domain will be removed together with all of those
++nodes' children.
++
++
+ Communication with xenstore is via either sockets, or event channel
+ and shared memory, as specified in io/xs_wire.h: each message in
+ either direction is a header formatted as a struct xsd_sockmsg
+--
+2.37.4
+
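Review bot: In the paragraph added to docs/misc/xenstore.txt, the closing sentence ("When a domain is being removed from Xenstore nodes owned by that domain will be removed together with all of those nodes' children.") does not state explicitly whether children owned by a different domain are deleted along with the parent. Since node removal is the behaviour the commit message singles out, spell that case out, and put a comma after "Xenstore" so the sentence cannot be read as "removed from Xenstore nodes". The paragraph also leaves undefined what access a domain without any permission entry on a node gets, which a reader needs in order to reason about the default. Minor wording: "can be setup to allow" should be "can be set up to allow", and the comma splices in "granted by domain-id, the first permission entry" and "the owner of the node, the owner can only be modified" would read better as separate sentences.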