From: Juergen Gross Date: Tue, 13 Sep 2022 05:35:13 +0000 (+0200) Subject: docs: enhance xenstore.txt with permissions description X-Git-Tag: RELEASE-4.14.6~83 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=7036cb93e334e006fe3b9685256fd75e4967e3fc;p=xen.git docs: enhance xenstore.txt with permissions description The permission scheme of Xenstore nodes is not really covered by docs/misc/xenstore.txt, other than referring to the Xen wiki. Add a paragraph explaining the permissions of nodes, and especially mentioning removal of nodes when a domain has been removed from Xenstore. This is part of XSA-419. Signed-off-by: Juergen Gross Reviewed-by: Edwin Török Acked-by: Julien Grall (cherry picked from commit d084d2c6dff7044956ebdf83a259ad6081a1d921) --- diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index 1f42a377c1..6aa07c5ed8 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -43,6 +43,17 @@ bytes are forbidden; clients specifying relative paths should keep them to within 2048 bytes. (See XENSTORE_*_PATH_MAX in xs_wire.h.) +Each node has one or multiple permission entries. Permissions are +granted by domain-id, the first permission entry of each node specifies +the owner of the node. Permissions of a node can be changed by the +owner of the node, the owner can only be modified by the control +domain (usually domain id 0). The owner always has the right to read +and write the node, while other permissions can be setup to allow +read and/or write access. When a domain is being removed from Xenstore +nodes owned by that domain will be removed together with all of those +nodes' children. + + Communication with xenstore is via either sockets, or event channel and shared memory, as specified in io/xs_wire.h: each message in either direction is a header formatted as a struct xsd_sockmsg