From 2157eba42a40fd8d18b8870f9a9073c41d21fb5f Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Tue, 6 Jul 2010 11:57:20 +0100
Subject: tools/xenstore: add XS_RESTRICT operation to C xenstore client libs.

The OCaml xenstored supports the XS_RESTRICT operation, which deprivileges a dom0 xenstore connection so it can only affect one domain's entries. Add the relevant definitions to the C libraries so that callers can use it.

Signed-off-by: Tim Deegan
---
tools/xenstore/xs.c | 8 ++++++++
tools/xenstore/xs.h | 9 +++++++++
2 files changed, 17 insertions(+)
(limited to 'tools/xenstore')

diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
index 094db25efa..3441656039 100644
--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -615,6 +615,14 @@ unwind:
 return false;
 }
 
+bool xs_restrict(struct xs_handle *h, unsigned domid)
+{
+ char buf[16];
+
+ sprintf(buf, "%d", domid);
+ return xs_bool(xs_single(h, XBT_NULL, XS_RESTRICT, buf, NULL));
+}
+
 /* Watch a node for changes (poll on fd to detect, or call read_watch()).
 * When the node (or any child) changes, fd will become readable.
 * Token is returned when watch is read, to allow matching.
diff --git a/tools/xenstore/xs.h b/tools/xenstore/xs.h
index 4dae5944ae..4806f1e240 100644
--- a/tools/xenstore/xs.h
+++ b/tools/xenstore/xs.h
@@ -83,6 +83,15 @@ bool xs_mkdir(struct xs_handle *h, xs_transaction_t t,
 bool xs_rm(struct xs_handle *h, xs_transaction_t t,
 const char *path);
 
+/* Restrict a xenstore handle so that it acts as if it had the
+ * permissions of domain @domid. The handle must currently be
+ * using domain 0's credentials.
+ *
+ * Returns false on failure, in which case the handle continues
+ * to use the old credentials, or true on success.
+ */
+bool xs_restrict(struct xs_handle *h, unsigned domid);
+
 /* Get permissions of node (first element is owner, first perms is "other").
 * Returns malloced array, or NULL: call free() after use.
 */
-- cgit v1.2.3
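Review bot: In the new xs_restrict() in xs.c, `sprintf(buf, "%d", domid);` formats an `unsigned` argument with a signed conversion and writes into `buf` with no bound. A domid above INT_MAX would go out as a negative number, so the string sent with XS_RESTRICT would not name the domain the caller passed; how xenstored treats such a string is not visible in this hunk. The 16-byte buffer is large enough for a 32-bit value, but only by arithmetic the code never states. I would change the line to `snprintf(buf, sizeof(buf), "%u", domid);` so that the conversion matches the parameter type and the write is bounded by the buffer itself.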
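Review bot: The new comment above the xs_restrict() declaration in xs.h does not mention that the running daemon may not implement the operation. The commit message names only the OCaml xenstored as supporting XS_RESTRICT, so against another xenstored the call presumably returns false and the handle keeps domain 0's credentials. Because callers use this call to drop privilege before acting for a guest, a caller that ignores the result stays fully privileged without knowing it. I would add to the comment: `* Not every xenstored implements XS_RESTRICT; callers must check the result and must not use this handle on behalf of @domid if it is false.` It would also help to state whether a restricted handle can ever regain its old credentials, which the comment leaves open.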