New XS_SET_TARGET
Stubdomains (and probably other domain disagregation elements too) need
to be able to tinker with another domain. This adds XS_SET_TARGET so
that XenStore allows domains to have permissions on files on which the
"target" has permissions. This also adds xs_set_target, called by the
domain builder when the ''target'' option is used in the
configuration.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
---
This patch depends on the previous "New XEN_DOMCTL_set_target and
IS_PRIV_FOR" patch.
diff -u b/tools/python/xen/xend/XendDomainInfo.py
b/tools/python/xen/xend/XendDomainInfo.py
--- b/tools/python/xen/xend/XendDomainInfo.py Wed Jan 23 11:36:15 2008 +0000
+++ b/tools/python/xen/xend/XendDomainInfo.py Wed Jan 23 11:36:15 2008 +0000
@@ -47,7 +47,7 @@
from xen.xend.XendDevices import XendDevices
from xen.xend.XendTask import XendTask
from xen.xend.xenstore.xstransact import xstransact, complete
-from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain,
ResumeDomain
+from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain, SetTarget,
ResumeDomain
from xen.xend.xenstore.xswatch import xswatch
from xen.xend.XendConstants import *
from xen.xend.XendAPIConstants import *
@@ -883,6 +883,9 @@
def storeVm(self, *args):
return xstransact.Store(self.vmpath, *args)
+ def permissionsVm(self, *args):
+ return xstransact.SetPermissions(self.vmpath, *args)
+
def _readVmTxn(self, transaction, *args):
paths = map(lambda x: self.vmpath + "/" + x, args)
@@ -905,4 +908,8 @@
return transaction.store(*paths)
+ def permissionsVmTxn(self, transaction, *args):
+ paths = map(lambda x: self.vmpath + "/" + x, args)
+ return transaction.set_permissions(*paths)
+
#
# Function to update xenstore /dom/*
@@ -1694,0 +1702,9 @@
+ def _setTarget(self, target):
+ assert self.domid is not None
+
+ try:
+ SetTarget(self.domid, target)
+ self.storeDom(''target'', target)
+ except RuntimeError, exn:
+ raise XendError(str(exn))
+
@@ -1756,6 +1772,8 @@
self.native_protocol =
channel_details[''native_protocol''];
self._introduceDomain()
+ if self.info.target():
+ self._setTarget(self.info.target())
self._createDevices()
--- a/tools/python/xen/lowlevel/xs/xs.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/python/xen/lowlevel/xs/xs.c Wed Jan 23 11:36:15 2008 +0000
@@ -619,6 +619,36 @@
return none(result);
}
+#define xspy_set_target_doc "\n" \
+ "Tell xenstore that a domain is targetting another one so
it\n" \
+ "should let it tinker with it.\n" \
+ " dom [int] : domain id\n" \
+ " target [int] : domain id of the target\n" \
+ "\n" \
+ "Returns None on success.\n" \
+ "Raises xen.lowlevel.xs.Error on error.\n" \
+ "\n"
+
+static PyObject *xspy_set_target(XsHandle *self, PyObject *args)
+{
+ uint32_t dom;
+ uint32_t target;
+
+ struct xs_handle *xh = xshandle(self);
+ bool result = 0;
+
+ if (!xh)
+ return NULL;
+ if (!PyArg_ParseTuple(args, "ii", &dom, &target))
+ return NULL;
+
+ Py_BEGIN_ALLOW_THREADS
+ result = xs_set_target(xh, dom, target);
+ Py_END_ALLOW_THREADS
+
+ return none(result);
+}
+
#define xspy_resume_domain_doc "\n" \
"Tell xenstore to clear its shutdown flag for a domain.\n" \
"This ensures that a subsequent shutdown will fire the\n" \
@@ -817,6 +847,7 @@
XSPY_METH(transaction_start, METH_NOARGS),
XSPY_METH(transaction_end, METH_VARARGS | METH_KEYWORDS),
XSPY_METH(introduce_domain, METH_VARARGS),
+ XSPY_METH(set_target, METH_VARARGS),
XSPY_METH(resume_domain, METH_VARARGS),
XSPY_METH(release_domain, METH_VARARGS),
XSPY_METH(close, METH_NOARGS),
--- a/tools/python/xen/xend/image.py Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/python/xen/xend/image.py Wed Jan 23 11:36:15 2008 +0000
@@ -222,6 +222,7 @@
vncopts = ""
if passwd:
self.vm.storeVm("vncpasswd", passwd)
+ self.vm.permissionsVm("vncpasswd", {
''dom'': self.vm.getDomid(), ''read'': True } )
vncopts = vncopts + ",password"
log.debug("Stored a VNC password for vfb access")
else:
@@ -280,6 +281,9 @@
env[''XAUTHORITY''] = self.xauthority
if self.vncconsole:
args = args + ([ "-vncviewer" ])
+ xstransact.Mkdir("/local/domain/0/device-model/%i" %
self.vm.getDomid())
+ xstransact.SetPermissions("/local/domain/0/device-model/%i" %
self.vm.getDomid(),
+ { ''dom'': self.vm.getDomid(),
''read'': True, ''write'': True })
log.info("spawning device models: %s %s", self.device_model,
args)
# keep track of pid and spawned options to kill it later
self.pid = os.spawnve(os.P_NOWAIT, self.device_model, args, env)
@@ -422,7 +426,9 @@
self.vm.storeVm(("image/dmargs", "
".join(self.dmargs)),
("image/device-model", self.device_model),
("image/display", self.display))
+ self.vm.permissionsVm("image/dmargs", {
''dom'': self.vm.getDomid(), ''read'': True } )
self.vm.storeVm(("rtc/timeoffset", rtc_timeoffset))
+ self.vm.permissionsVm("rtc/timeoffset", {
''dom'': self.vm.getDomid(), ''read'': True } )
self.apic =
int(vmConfig[''platform''].get(''apic'', 0))
self.acpi =
int(vmConfig[''platform''].get(''acpi'', 0))
only in patch2:
--- a/tools/python/xen/xend/xenstore/xsutil.py Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/python/xen/xend/xenstore/xsutil.py Wed Jan 23 11:36:15 2008 +0000
@@ -22,6 +22,9 @@
def IntroduceDomain(domid, page, port):
return xshandle().introduce_domain(domid, page, port)
+def SetTarget(domid, target):
+ return xshandle().set_target(domid, target)
+
def GetDomainPath(domid):
return xshandle().get_domain_path(domid)
--- a/tools/xenstore/xenstored_core.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_core.c Wed Jan 23 11:36:15 2008 +0000
@@ -119,6 +119,7 @@
case XS_ERROR: return "ERROR";
case XS_IS_DOMAIN_INTRODUCED: return "XS_IS_DOMAIN_INTRODUCED";
case XS_RESUME: return "RESUME";
+ case XS_SET_TARGET: return "SET_TARGET";
default:
return "**UNKNOWN**";
}
@@ -283,6 +284,8 @@
break;
close(conn->fd);
}
+ if (conn->target)
+ talloc_unlink(conn, conn->target);
list_del(&conn->list);
trace_destroy(conn, "connection");
return 0;
@@ -472,11 +475,13 @@
mask &= ~XS_PERM_WRITE;
/* Owners and tools get it all... */
- if (!conn->id || perms[0].id == conn->id)
+ if (!conn->id || perms[0].id == conn->id
+ || (conn->target && perms[0].id ==
conn->target->id))
return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
for (i = 1; i < num; i++)
- if (perms[i].id == conn->id)
+ if (perms[i].id == conn->id
+ || (conn->target && perms[i].id ==
conn->target->id))
return perms[i].perms & mask;
return perms[0].perms & mask;
@@ -1245,6 +1250,10 @@
do_resume(conn, onearg(in));
break;
+ case XS_SET_TARGET:
+ do_set_target(conn, in);
+ break;
+
default:
eprintf("Client unknown operation %i", in->hdr.msg.type);
send_error(conn, ENOSYS);
--- a/tools/xenstore/xenstored_core.h Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_core.h Wed Jan 23 11:36:15 2008 +0000
@@ -84,6 +84,9 @@
/* The domain I''m associated with, if any. */
struct domain *domain;
+ /* The target of the domain I''m associated with. */
+ struct connection *target;
+
/* My watches. */
struct list_head watches;
--- a/tools/xenstore/xenstored_domain.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_domain.c Wed Jan 23 11:36:15 2008 +0000
@@ -379,6 +379,51 @@
domain_conn_reset(domain);
send_ack(conn, XS_INTRODUCE);
+}
+
+void do_set_target(struct connection *conn, struct buffered_data *in)
+{
+ char *vec[2];
+ unsigned int domid, tdomid;
+ struct domain *domain, *tdomain;
+ if (get_strings(in, vec, ARRAY_SIZE(vec)) < ARRAY_SIZE(vec)) {
+ send_error(conn, EINVAL);
+ return;
+ }
+
+ if (conn->id != 0 || !conn->can_write) {
+ send_error(conn, EACCES);
+ return;
+ }
+
+ domid = atoi(vec[0]);
+ tdomid = atoi(vec[1]);
+
+ domain = find_domain_by_domid(domid);
+ if (!domain) {
+ send_error(conn, ENOENT);
+ return;
+ }
+ if (!domain->conn) {
+ send_error(conn, EINVAL);
+ return;
+ }
+
+ tdomain = find_domain_by_domid(tdomid);
+ if (!tdomain) {
+ send_error(conn, ENOENT);
+ return;
+ }
+
+ if (!tdomain->conn) {
+ send_error(conn, EINVAL);
+ return;
+ }
+
+ talloc_reference(domain->conn, tdomain->conn);
+ domain->conn->target = tdomain->conn;
+
+ send_ack(conn, XS_SET_TARGET);
}
/* domid */
--- a/tools/xenstore/xenstored_domain.h Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xenstored_domain.h Wed Jan 23 11:36:15 2008 +0000
@@ -34,6 +34,9 @@
/* domid */
void do_resume(struct connection *conn, const char *domid_str);
+/* domid, target */
+void do_set_target(struct connection *conn, struct buffered_data *in);
+
/* domid */
void do_get_domain_path(struct connection *conn, const char *domid_str);
--- a/tools/xenstore/xs.c Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xs.c Wed Jan 23 11:36:15 2008 +0000
@@ -708,6 +708,25 @@
ARRAY_SIZE(iov), NULL));
}
+bool xs_set_target(struct xs_handle *h,
+ unsigned int domid, unsigned int target)
+{
+ char domid_str[MAX_STRLEN(domid)];
+ char target_str[MAX_STRLEN(target)];
+ struct iovec iov[2];
+
+ snprintf(domid_str, sizeof(domid_str), "%u", domid);
+ snprintf(target_str, sizeof(target_str), "%u", target);
+
+ iov[0].iov_base = domid_str;
+ iov[0].iov_len = strlen(domid_str) + 1;
+ iov[1].iov_base = target_str;
+ iov[1].iov_len = strlen(target_str) + 1;
+
+ return xs_bool(xs_talkv(h, XBT_NULL, XS_SET_TARGET, iov,
+ ARRAY_SIZE(iov), NULL));
+}
+
static void * single_with_domid(struct xs_handle *h,
enum xsd_sockmsg_type type,
unsigned int domid)
--- a/tools/xenstore/xs.h Wed Jan 23 11:21:35 2008 +0000
+++ b/tools/xenstore/xs.h Wed Jan 23 11:36:15 2008 +0000
@@ -132,6 +132,15 @@
unsigned int domid,
unsigned long mfn,
unsigned int eventchn);
+
+/* Set the target of a domain
+ * This tells the store daemon that a domain is targetting another one, so
+ * it should let it tinker with it.
+ */
+bool xs_set_target(struct xs_handle *h,
+ unsigned int domid,
+ unsigned int target);
+
/* Resume a domain.
* Clear the shutdown flag for this domain in the store.
*/
--- a/xen/include/public/io/xs_wire.h Wed Jan 23 11:21:35 2008 +0000
+++ b/xen/include/public/io/xs_wire.h Wed Jan 23 11:36:15 2008 +0000
@@ -46,7 +46,8 @@
XS_WATCH_EVENT,
XS_ERROR,
XS_IS_DOMAIN_INTRODUCED,
- XS_RESUME
+ XS_RESUME,
+ XS_SET_TARGET
};
#define XS_WRITE_NONE "NONE"
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel