ia64/xen-unstable

changeset 18572:60937c4c5a67

xend: Make only selected subdirs of /local/domain/<domid> writable by the guest.

This protects critical data like
/local/domain/<domid>/console/{tty,limit}. It also means we can trust
.../vm, and hence do not need /vm_path. Various parts of the previous
two changesets disappear.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Oct 02 10:37:28 2008 +0100 (2008-10-02)
parents ab19284c5070
children 8dc05a2b3beb
files tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xend/image.py
line diff
     1.1 --- a/tools/python/xen/xend/XendDomainInfo.py	Wed Oct 01 14:07:17 2008 +0100
     1.2 +++ b/tools/python/xen/xend/XendDomainInfo.py	Thu Oct 02 10:37:28 2008 +0100
     1.3 @@ -142,7 +142,9 @@ def recreate(info, priv):
     1.4      xeninfo['is_control_domain'] = priv
     1.5      xeninfo['is_a_template'] = False
     1.6      domid = xeninfo['domid']
     1.7 -
     1.8 +    uuid1 = uuid.fromString(xeninfo['uuid'])
     1.9 +    needs_reinitialising = False
    1.10 +    
    1.11      dompath = GetDomainPath(domid)
    1.12      if not dompath:
    1.13          raise XendError('No domain path in store for existing '
    1.14 @@ -151,12 +153,42 @@ def recreate(info, priv):
    1.15      log.info("Recreating domain %d, UUID %s. at %s" %
    1.16               (domid, xeninfo['uuid'], dompath))
    1.17  
    1.18 -    vmpath = xstransact.Read("/vm_path", str(domid))
    1.19 +    # need to verify the path and uuid if not Domain-0
    1.20 +    # if the required uuid and vm aren't set, then that means
    1.21 +    # we need to recreate the dom with our own values
    1.22 +    #
    1.23 +    # NOTE: this is probably not desirable, really we should just
    1.24 +    #       abort or ignore, but there may be cases where xenstore's
    1.25 +    #       entry disappears (eg. xenstore-rm /)
    1.26 +    #
    1.27 +    try:
    1.28 +        vmpath = xstransact.Read(dompath, "vm")
    1.29 +        if not vmpath:
    1.30 +            if not priv:
    1.31 +                log.warn('/local/domain/%d/vm is missing. recreate is '
    1.32 +                         'confused, trying our best to recover' % domid)
    1.33 +            needs_reinitialising = True
    1.34 +            raise XendError('reinit')
    1.35 +        
    1.36 +        uuid2_str = xstransact.Read(vmpath, "uuid")
    1.37 +        if not uuid2_str:
    1.38 +            log.warn('%s/uuid/ is missing. recreate is confused, '
    1.39 +                     'trying our best to recover' % vmpath)
    1.40 +            needs_reinitialising = True
    1.41 +            raise XendError('reinit')
    1.42 +        
    1.43 +        uuid2 = uuid.fromString(uuid2_str)
    1.44 +        if uuid1 != uuid2:
    1.45 +            log.warn('UUID in /vm does not match the UUID in /dom/%d.'
    1.46 +                     'Trying out best to recover' % domid)
    1.47 +            needs_reinitialising = True
    1.48 +    except XendError:
    1.49 +        pass # our best shot at 'goto' in python :)
    1.50  
    1.51      vm = XendDomainInfo(xeninfo, domid, dompath, augment = True, priv = priv,
    1.52                          vmpath = vmpath)
    1.53 -
    1.54 -    if not vmpath:
    1.55 +    
    1.56 +    if needs_reinitialising:
    1.57          vm._recreateDom()
    1.58          vm._removeVm()
    1.59          vm._storeVmDetails()
    1.60 @@ -1269,8 +1301,11 @@ class XendDomainInfo:
    1.61      def _recreateDomFunc(self, t):
    1.62          t.remove()
    1.63          t.mkdir()
    1.64 -        t.set_permissions({'dom' : self.domid})
    1.65 +        t.set_permissions({'dom' : self.domid, 'read' : True})
    1.66          t.write('vm', self.vmpath)
    1.67 +        for i in [ 'device', 'control', 'error' ]:
    1.68 +            t.mkdir(i)
    1.69 +            t.set_permissions(i, {'dom' : self.domid})
    1.70  
    1.71      def _storeDomDetails(self):
    1.72          to_store = {
    1.73 @@ -1776,7 +1811,6 @@ class XendDomainInfo:
    1.74          self._releaseDevices()
    1.75          # Remove existing vm node in xenstore
    1.76          self._removeVm()
    1.77 -        self._removeVmPath()
    1.78          new_dom_info = self.info.copy()
    1.79          new_dom_info['name_label'] = self.info['name_label']
    1.80          new_dom_info['uuid'] = self.info['uuid']
    1.81 @@ -2357,7 +2391,6 @@ class XendDomainInfo:
    1.82  
    1.83          paths = self._prepare_phantom_paths()
    1.84  
    1.85 -        self._removeVmPath()
    1.86          if self.dompath is not None:
    1.87              try:
    1.88                  xc.domain_destroy_hook(self.domid)
    1.89 @@ -2660,15 +2693,6 @@ class XendDomainInfo:
    1.90                  log.info("Dev still active but hit max loop timeout")
    1.91                  break
    1.92  
    1.93 -    def _storeVmPath(self):
    1.94 -        log.info("storeVmPath(%s) => %s", self.domid, self.vmpath)
    1.95 -        if self.domid is not None:
    1.96 -            xstransact.Write('/vm_path', str(self.domid), self.vmpath)
    1.97 -
    1.98 -    def _removeVmPath(self):
    1.99 -        if self.domid is not None:
   1.100 -            xstransact.Remove('/vm_path/%s' % str(self.domid))
   1.101 -
   1.102      def _storeVmDetails(self):
   1.103          to_store = {}
   1.104  
   1.105 @@ -2693,7 +2717,6 @@ class XendDomainInfo:
   1.106  
   1.107          self._writeVm(to_store)
   1.108          self._setVmPermissions()
   1.109 -        self._storeVmPath()
   1.110  
   1.111      def _setVmPermissions(self):
   1.112          """Allow the guest domain to read its UUID.  We don't allow it to
     2.1 --- a/tools/python/xen/xend/image.py	Wed Oct 01 14:07:17 2008 +0100
     2.2 +++ b/tools/python/xen/xend/image.py	Thu Oct 02 10:37:28 2008 +0100
     2.3 @@ -418,7 +418,7 @@ class ImageHandler:
     2.4              os.close(null)
     2.5              os.close(logfd)
     2.6          sentinel_write.close()
     2.7 -        self.vm.storeVm("image/device-model-pid", self.pid)
     2.8 +        self.vm.storeDom("image/device-model-pid", self.pid)
     2.9          log.info("device model pid: %d", self.pid)
    2.10          # we would very much prefer not to have a thread here and instead
    2.11          #  have a callback but sadly we don't have Twisted in xend
    2.12 @@ -502,7 +502,7 @@ class ImageHandler:
    2.13          if fifo_fd >= 0:
    2.14              self._openSentinel(sentinel_path_fifo)
    2.15              os.close(fifo_fd)
    2.16 -            self.pid = self.vm._gatherVm(('image/device-model-pid', int))
    2.17 +            self.pid = self.vm._gatherDom(('image/device-model-pid', int))
    2.18              log.debug("%s device model rediscovered, pid %s sentinel fifo %s",
    2.19                      name, self.pid, sentinel_path_fifo)
    2.20              self.sentinel_thread = thread.start_new_thread(self._sentinel_watch,())