ia64/xen-unstable

changeset 18943:8c35da364ab3

xend: Actually restrict a domU's access to xenstore when we mean to --
this means that in some cases it cannot be owner of its own xenstore
nodes.

This bug was pointed out by Daniel Berrange at Red Hat. This patch is
my own more generic fix that automatically covers a range of callers
(albeit the patch is arguably a bit of a hack ;-).

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Dec 18 17:18:28 2008 +0000 (2008-12-18)
parents 54c5d8247aaf
children d238101c1832
files tools/python/xen/lowlevel/xs/xs.c
line diff
     1.1 --- a/tools/python/xen/lowlevel/xs/xs.c	Thu Dec 18 17:14:27 2008 +0000
     1.2 +++ b/tools/python/xen/lowlevel/xs/xs.c	Thu Dec 18 17:18:28 2008 +0000
     1.3 @@ -336,15 +336,19 @@ static PyObject *xspy_set_permissions(Xs
     1.4  	xs_set_error(EINVAL);
     1.5          goto exit;
     1.6      }
     1.7 +
     1.8      xsperms_n = PyList_Size(perms);
     1.9 -    xsperms = calloc(xsperms_n, sizeof(struct xs_permissions));
    1.10 +    /* NB. alloc +1 so we can change the owner if necessary. */
    1.11 +    xsperms = calloc(xsperms_n + 1, sizeof(struct xs_permissions));
    1.12      if (!xsperms) {
    1.13  	xs_set_error(ENOMEM);
    1.14          goto exit;
    1.15      }
    1.16 +
    1.17      tuple0 = PyTuple_New(0);
    1.18      if (!tuple0)
    1.19          goto exit;
    1.20 +
    1.21      for (i = 0; i < xsperms_n; i++) {
    1.22          /* Read/write perms. Set these. */
    1.23          int p_read = 0, p_write = 0;
    1.24 @@ -357,6 +361,17 @@ static PyObject *xspy_set_permissions(Xs
    1.25          if (p_write)
    1.26              xsperms[i].perms |= XS_PERM_WRITE;
    1.27      }
    1.28 +
    1.29 +    /*
    1.30 +     * Is the caller trying to restrict access to the first specified
    1.31 +     * domain? If so then it cannot be owner, so we force dom0 as owner.
    1.32 +     */
    1.33 +    if (xsperms_n && xsperms[0].perms && xsperms[0].id) {
    1.34 +        memmove(&xsperms[1], &xsperms[0], xsperms_n * sizeof(*xsperms));
    1.35 +        xsperms[0].id = xsperms[0].perms = 0;
    1.36 +        xsperms_n++;
    1.37 +    }
    1.38 +
    1.39      Py_BEGIN_ALLOW_THREADS
    1.40      result = xs_set_permissions(xh, th, path, xsperms, xsperms_n);
    1.41      Py_END_ALLOW_THREADS