xenbits.xensource.com Git - xen.git/commit

author	Juergen Gross <jgross@suse.com>
	Fri, 27 Jan 2017 11:47:22 +0000 (12:47 +0100)
committer	Wei Liu <wei.liu2@citrix.com>
	Tue, 7 Feb 2017 11:07:14 +0000 (11:07 +0000)
commit	dbc84d2983969bb47d294131ed9e6bbbdc2aec49
tree	90e1ae6f20de461873ecde2c8c015770aea82e80	tree
parent	2733b800c9a2086d46379d3eb3f480eb5fd433ea	commit \| diff

xenstore: remove XS_RESTRICT support

XS_RESTRICT and the xenstore library function xs_restrict() have never
been usable in all configurations and there are no known users.

This functionality was thought to limit access rights of device models
to xenstore in order to avoid affecting other domains in case of a
security breech. Unfortunately XS_RESTRICT won't help as current
qemu is requiring access to dom0 only accessible xenstore paths to
work correctly. So this command is useless and should be removed.

In order to avoid problems in the future remove all support for
XS_RESTRICT from xenstore.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: David Scott <dave@recoil.org>

tools/ocaml/libs/xb/op.ml		diff \| blob \| blame \| history
tools/ocaml/libs/xb/xb.mli		diff \| blob \| blame \| history
tools/ocaml/xenstored/connection.ml		diff \| blob \| blame \| history
tools/ocaml/xenstored/logging.ml		diff \| blob \| blame \| history
tools/ocaml/xenstored/perms.ml		diff \| blob \| blame \| history
tools/ocaml/xenstored/process.ml		diff \| blob \| blame \| history
tools/xenstore/include/xenstore.h		diff \| blob \| blame \| history
tools/xenstore/xenstored_core.c		diff \| blob \| blame \| history
tools/xenstore/xs.c		diff \| blob \| blame \| history
xen/include/public/io/xs_wire.h		diff \| blob \| blame \| history