direct-io.hg

changeset 8171:74b7a81e5eed

Initialise the connection ID when a domain is introduced. This (re)enables
the permission checking in xenstored.

Default the store permissions to read/write nobody (apart from the privileged
domain). Create a /local node with these permissions, ready for inheriting by
children. In Xend, create a /vm node with these permissions too, for the same
reason, and set the permissions on /local/domain/<domid> and each device
backend path to allow the guest domain to access these paths appropriately.

Added xstransact.{set_permissions,SetPermissions,mkdir,Mkdir,complete} as
support facilities.

This closes bug #290.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@leeni.uk.xensource.com
date Fri Dec 02 01:34:39 2005 +0000 (2005-12-02)
parents db6d667f5168
children 1caed7031f6b
files tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xend/server/DevController.py tools/python/xen/xend/xenstore/xstransact.py tools/xenstore/xenstored_core.c tools/xenstore/xenstored_domain.c
line diff
     1.1 --- a/tools/python/xen/xend/XendDomain.py	Fri Dec 02 01:19:25 2005 +0000
     1.2 +++ b/tools/python/xen/xend/XendDomain.py	Fri Dec 02 01:34:39 2005 +0000
     1.3 @@ -36,6 +36,7 @@ from xen.xend import XendRoot
     1.4  from xen.xend import XendCheckpoint
     1.5  from xen.xend.XendError import XendError
     1.6  from xen.xend.XendLogging import log
     1.7 +from xen.xend.xenstore.xstransact import xstransact
     1.8  from xen.xend.xenstore.xswatch import xswatch
     1.9  
    1.10  
    1.11 @@ -46,6 +47,8 @@ xroot = XendRoot.instance()
    1.12  __all__ = [ "XendDomain" ]
    1.13  
    1.14  PRIV_DOMAIN = 0
    1.15 +VMROOT = '/vm/'
    1.16 +
    1.17  
    1.18  class XendDomain:
    1.19      """Index of all domains. Singleton.
    1.20 @@ -64,6 +67,9 @@ class XendDomain:
    1.21      # instance() must be able to return a valid instance of this class even
    1.22      # during this initialisation.
    1.23      def init(self):
    1.24 +        xstransact.Mkdir(VMROOT)
    1.25 +        xstransact.SetPermissions(VMROOT, { 'dom' : PRIV_DOMAIN })
    1.26 +
    1.27          self.domains_lock.acquire()
    1.28          try:
    1.29              self._add_domain(
     2.1 --- a/tools/python/xen/xend/XendDomainInfo.py	Fri Dec 02 01:19:25 2005 +0000
     2.2 +++ b/tools/python/xen/xend/XendDomainInfo.py	Fri Dec 02 01:34:39 2005 +0000
     2.3 @@ -43,7 +43,7 @@ import XendRoot
     2.4  from xen.xend.XendBootloader import bootloader
     2.5  from xen.xend.XendError import XendError, VmError
     2.6  
     2.7 -from xen.xend.xenstore.xstransact import xstransact
     2.8 +from xen.xend.xenstore.xstransact import xstransact, complete
     2.9  from xen.xend.xenstore.xsutil import GetDomainPath, IntroduceDomain
    2.10  from xen.xend.xenstore.xswatch import xswatch
    2.11  
    2.12 @@ -84,8 +84,6 @@ STATE_DOM_SHUTDOWN = 2
    2.13  
    2.14  SHUTDOWN_TIMEOUT = 30
    2.15  
    2.16 -VMROOT  = '/vm/'
    2.17 -
    2.18  ZOMBIE_PREFIX = 'Zombie-'
    2.19  
    2.20  """Minimum time between domain restarts in seconds."""
    2.21 @@ -234,7 +232,7 @@ def recreate(xeninfo, priv):
    2.22              log.warn(str(exn))
    2.23  
    2.24          vm = XendDomainInfo(xeninfo, domid, dompath, True, priv)
    2.25 -        vm.removeDom()
    2.26 +        vm.recreateDom()
    2.27          vm.removeVm()
    2.28          vm.storeVmDetails()
    2.29          vm.storeDomDetails()
    2.30 @@ -385,7 +383,7 @@ class XendDomainInfo:
    2.31          else:
    2.32              self.domid = None
    2.33  
    2.34 -        self.vmpath  = VMROOT + self.info['uuid']
    2.35 +        self.vmpath  = XendDomain.VMROOT + self.info['uuid']
    2.36          self.dompath = dompath
    2.37  
    2.38          if augment:
    2.39 @@ -570,6 +568,14 @@ class XendDomainInfo:
    2.40      def removeDom(self, *args):
    2.41          return xstransact.Remove(self.dompath, *args)
    2.42  
    2.43 +    def recreateDom(self):
    2.44 +        complete(self.dompath, lambda t: self._recreateDom(t))
    2.45 +
    2.46 +    def _recreateDom(self, t):
    2.47 +        t.remove()
    2.48 +        t.mkdir()
    2.49 +        t.set_permissions({ 'dom' : self.domid })
    2.50 +
    2.51  
    2.52      ## private:
    2.53  
    2.54 @@ -1084,7 +1090,7 @@ class XendDomainInfo:
    2.55  
    2.56          self.dompath = GetDomainPath(self.domid)
    2.57  
    2.58 -        self.removeDom()
    2.59 +        self.recreateDom()
    2.60  
    2.61          # Set maximum number of vcpus in domain
    2.62          xc.domain_max_vcpus(self.domid, int(self.info['vcpus']))
    2.63 @@ -1384,7 +1390,7 @@ class XendDomainInfo:
    2.64          self.release_devices()
    2.65          self.info['name'] = new_name
    2.66          self.info['uuid'] = new_uuid
    2.67 -        self.vmpath = VMROOT + new_uuid
    2.68 +        self.vmpath = XendDomain.VMROOT + new_uuid
    2.69          self.storeVmDetails()
    2.70          self.preserve()
    2.71  
     3.1 --- a/tools/python/xen/xend/server/DevController.py	Fri Dec 02 01:19:25 2005 +0000
     3.2 +++ b/tools/python/xen/xend/server/DevController.py	Fri Dec 02 01:34:39 2005 +0000
     3.3 @@ -105,6 +105,13 @@ class DevController:
     3.4                  t.remove(frontpath)
     3.5                  t.remove(backpath)
     3.6  
     3.7 +                t.mkdir(backpath)
     3.8 +                import xen.xend.XendDomain
     3.9 +                t.set_permissions(backpath,
    3.10 +                                  {'dom': xen.xend.XendDomain.PRIV_DOMAIN },
    3.11 +                                  {'dom'  : self.vm.getDomid(),
    3.12 +                                   'read' : True })
    3.13 +
    3.14                  t.write2(frontpath, front)
    3.15                  t.write2(backpath,  back)
    3.16  
     4.1 --- a/tools/python/xen/xend/xenstore/xstransact.py	Fri Dec 02 01:19:25 2005 +0000
     4.2 +++ b/tools/python/xen/xend/xenstore/xstransact.py	Fri Dec 02 01:34:39 2005 +0000
     4.3 @@ -213,6 +213,27 @@ class xstransact:
     4.4                  self._write(key, fmt % val)
     4.5  
     4.6  
     4.7 +    def mkdir(self, *args):
     4.8 +        if len(args) == 0:
     4.9 +            xshandle().mkdir(self.transaction, self.path)
    4.10 +        else:
    4.11 +            for key in args:
    4.12 +                xshandle().mkdir(self.transaction, self.prependPath(key))
    4.13 +
    4.14 +
    4.15 +    def set_permissions(self, *args):
    4.16 +        if len(args) == 0:
    4.17 +            raise TypeError
    4.18 +        elif isinstance(args[0], str):
    4.19 +            self.callRebased(args[0], self.set_permissions, *args[1:])
    4.20 +        else:
    4.21 +            if not self.path:
    4.22 +                raise RuntimeError('Cannot set permissions on the root')
    4.23 +
    4.24 +            xshandle().set_permissions(self.transaction, self.path,
    4.25 +                                       list(args))
    4.26 +
    4.27 +
    4.28      def remove2(self, middlePath, *args):
    4.29          self.callRebased(middlePath, self.remove, *args)
    4.30  
    4.31 @@ -245,29 +266,11 @@ class xstransact:
    4.32          given path, and return a list composed of the values at each of those
    4.33          instead.  This operation is performed inside a transaction.
    4.34          """
    4.35 -        while True:
    4.36 -            t = cls(path)
    4.37 -            try:
    4.38 -                v = t.read(*args)
    4.39 -                t.abort()
    4.40 -                return v
    4.41 -            except:
    4.42 -                t.abort()
    4.43 -                raise
    4.44 -
    4.45 +        return complete(path, lambda t: t.read(*args))
    4.46      Read = classmethod(Read)
    4.47  
    4.48      def Write(cls, path, *args):
    4.49 -        while True:
    4.50 -            t = cls(path)
    4.51 -            try:
    4.52 -                t.write(*args)
    4.53 -                if t.commit():
    4.54 -                    return
    4.55 -            except:
    4.56 -                t.abort()
    4.57 -                raise
    4.58 -
    4.59 +        complete(path, lambda t: t.write(*args))
    4.60      Write = classmethod(Write)
    4.61  
    4.62      def Remove(cls, path, *args):
    4.63 @@ -275,16 +278,7 @@ class xstransact:
    4.64          each further argument as a subpath to the given path, and remove each
    4.65          of those instead.  This operation is performed inside a transaction.
    4.66          """
    4.67 -        while True:
    4.68 -            t = cls(path)
    4.69 -            try:
    4.70 -                t.remove(*args)
    4.71 -                if t.commit():
    4.72 -                    return
    4.73 -            except:
    4.74 -                t.abort()
    4.75 -                raise
    4.76 -
    4.77 +        complete(path, lambda t: t.remove(*args))
    4.78      Remove = classmethod(Remove)
    4.79  
    4.80      def List(cls, path, *args):
    4.81 @@ -294,16 +288,7 @@ class xstransact:
    4.82          and return the cumulative listing of each of those instead.  This
    4.83          operation is performed inside a transaction.
    4.84          """
    4.85 -        while True:
    4.86 -            t = cls(path)
    4.87 -            try:
    4.88 -                v = t.list(*args)
    4.89 -                if t.commit():
    4.90 -                    return v
    4.91 -            except:
    4.92 -                t.abort()
    4.93 -                raise
    4.94 -
    4.95 +        return complete(path, lambda t: t.list(*args))
    4.96      List = classmethod(List)
    4.97  
    4.98      def ListRecursive(cls, path, *args):
    4.99 @@ -313,40 +298,33 @@ class xstransact:
   4.100          subpath to the given path, and return the cumulative listing of each
   4.101          of those instead.  This operation is performed inside a transaction.
   4.102          """
   4.103 -        while True:
   4.104 -            t = cls(path)
   4.105 -            try:
   4.106 -                v = t.list_recursive(*args)
   4.107 -                if t.commit():
   4.108 -                    return v
   4.109 -            except:
   4.110 -                t.abort()
   4.111 -                raise
   4.112 -
   4.113 +        return complete(path, lambda t: t.list_recursive(*args))
   4.114      ListRecursive = classmethod(ListRecursive)
   4.115  
   4.116      def Gather(cls, path, *args):
   4.117 -        while True:
   4.118 -            t = cls(path)
   4.119 -            try:
   4.120 -                v = t.gather(*args)
   4.121 -                if t.commit():
   4.122 -                    return v
   4.123 -            except:
   4.124 -                t.abort()
   4.125 -                raise
   4.126 -
   4.127 +        return complete(path, lambda t: t.gather(*args))
   4.128      Gather = classmethod(Gather)
   4.129  
   4.130      def Store(cls, path, *args):
   4.131 -        while True:
   4.132 -            t = cls(path)
   4.133 -            try:
   4.134 -                v = t.store(*args)
   4.135 -                if t.commit():
   4.136 -                    return v
   4.137 -            except:
   4.138 -                t.abort()
   4.139 -                raise
   4.140 +        complete(path, lambda t: t.store(*args))
   4.141 +    Store = classmethod(Store)
   4.142 +
   4.143 +    def SetPermissions(cls, path, *args):
   4.144 +        complete(path, lambda t: t.set_permissions(*args))
   4.145 +    SetPermissions = classmethod(SetPermissions)
   4.146 +
   4.147 +    def Mkdir(cls, path, *args):
   4.148 +        complete(path, lambda t: t.mkdir(*args))
   4.149 +    Mkdir = classmethod(Mkdir)
   4.150  
   4.151 -    Store = classmethod(Store)
   4.152 +
   4.153 +def complete(path, f):
   4.154 +    while True:
   4.155 +        t = xstransact(path)
   4.156 +        try:
   4.157 +            result = f(t)
   4.158 +            if t.commit():
   4.159 +                return result
   4.160 +        except:
   4.161 +            t.abort()
   4.162 +            raise
     5.1 --- a/tools/xenstore/xenstored_core.c	Fri Dec 02 01:19:25 2005 +0000
     5.2 +++ b/tools/xenstore/xenstored_core.c	Fri Dec 02 01:34:39 2005 +0000
     5.3 @@ -1401,7 +1401,7 @@ void dump_connection(void)
     5.4  static void manual_node(const char *name, const char *child)
     5.5  {
     5.6  	struct node *node;
     5.7 -	struct xs_permissions perms = { .id = 0, .perms = XS_PERM_READ };
     5.8 +	struct xs_permissions perms = { .id = 0, .perms = XS_PERM_NONE };
     5.9  
    5.10  	node = talloc(NULL, struct node);
    5.11  	node->name = name;
    5.12 @@ -1442,6 +1442,7 @@ static void setup_structure(void)
    5.13  		   the balloon driver, this can be fatal.
    5.14  		*/
    5.15  		internal_rm("/local");
    5.16 +		manual_node("/", "local");
    5.17  	}
    5.18  	else {
    5.19  		tdb_ctx = tdb_open(tdbname, 7919, TDB_FLAGS, O_RDWR|O_CREAT,
     6.1 --- a/tools/xenstore/xenstored_domain.c	Fri Dec 02 01:19:25 2005 +0000
     6.2 +++ b/tools/xenstore/xenstored_domain.c	Fri Dec 02 01:34:39 2005 +0000
     6.3 @@ -287,6 +287,7 @@ static struct domain *new_domain(void *c
     6.4  
     6.5  	domain->conn = new_connection(writechn, readchn);
     6.6  	domain->conn->domain = domain;
     6.7 +	domain->conn->id = domid;
     6.8  
     6.9  	domain->remote_port = port;
    6.10  	domain->mfn = mfn;