From: Wei Liu <wei.liu2@citrix.com>
To: Juergen Gross <jgross@suse.com>
Cc: xen-devel@lists.xenproject.org, Wei Liu <wei.liu2@citrix.com>,
ian.jackson@eu.citrix.com, dave@recoil.org
Subject: Re: [PATCH v2] xenstore: remove XS_RESTRICT support
Date: Mon, 23 Jan 2017 12:36:15 +0000 [thread overview]
Message-ID: <20170123123615.GA24188@citrix.com> (raw)
In-Reply-To: <adc7df6a-e4aa-ab15-5451-d9186b7c3545@suse.com>
On Mon, Jan 23, 2017 at 01:34:21PM +0100, Juergen Gross wrote:
> On 23/01/17 13:14, Wei Liu wrote:
> > On Mon, Jan 23, 2017 at 12:32:55PM +0100, Juergen Gross wrote:
> >> XS_RESTRICT and the xenstore library function xs_restrict() have never
> >> been usable in all configurations and there are no known users.
> >>
> >> This functionality was thought to limit access rights of device models
> >> to xenstore in order to avoid affecting other domains in case of a
> >> security breech. Unfortunately XS_RESTRICT won't help as current
> >> qemu is requiring access to dom0 only accessible xenstore paths to
> >> work correctly. So this command is useless and should be removed.
> >>
> >> In order to avoid problems in the future remove all support for
> >> XS_RESTRICT from xenstore.
> >>
> >> Signed-off-by: Juergen Gross <jgross@suse.com>
> >> ---
> >> I'm rather sure I didn't delete anything from oxenstored not related
> >> to XS_RESTRICT, but I could have missed something. I'd appreciate a
> >> thorough review of the ocaml changes I did as my knowledge is rather
> >> limited here.
> > [...]
> >> in
> >> if domid = Define.domid_self || Domains.exist domains domid then "T\000" else "F\000"
> >>
> >> -(* [restrict] is in the patch queue since xen3.2 *)
> >> -let do_restrict con t domains cons data =
> >> - if not (Connection.is_dom0 con)
> >> - then raise Define.Permission_denied;
> >> - let domid =
> >> - match (split None '\000' data) with
> >> - | [ domid; "" ] -> c_int_of_string domid
> >> - | _ -> raise Invalid_Cmd_Args
> >> - in
> >> - Connection.restrict con domid
> >
> > You haven't removed the restrict function in connection.ml and perms.ml.
>
> I wasn't sure whether they are needed for "normal" permission checks.
>
> Will remove them in V3.
>
Yeah, try to remove them and see if oxenstored still compiles. ;-)
>
> Juergen
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
prev parent reply other threads:[~2017-01-23 12:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-23 11:32 [PATCH v2] xenstore: remove XS_RESTRICT support Juergen Gross
2017-01-23 12:14 ` Wei Liu
2017-01-23 12:34 ` Juergen Gross
2017-01-23 12:36 ` Wei Liu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170123123615.GA24188@citrix.com \
--to=wei.liu2@citrix.com \
--cc=dave@recoil.org \
--cc=ian.jackson@eu.citrix.com \
--cc=jgross@suse.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.