From mboxrd@z Thu Jan  1 00:00:00 1970
From: Vincent Hanquez <vincent.hanquez@eu.citrix.com>
Subject: Re: bug in dom create script regarding xenstore
	permission?
Date: Tue, 14 Jul 2009 18:45:07 +0100
Message-ID: <4A5CC423.1080604@eu.citrix.com>
References: <add59a3f0907141040re927e54j9fbe311b1988c75f@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <add59a3f0907141040re927e54j9fbe311b1988c75f@mail.gmail.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: weiming <zephyr.zhao@gmail.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

weiming wrote:
> Hi,
> 
> I upgraded from xen 3.2 to xen 3.4 and found that in 3.4, I can't write 
> xenstore in domU.
> Then, I found that the owner of the /local/domain/<domid> is 0.
> That is:
> When I used xs_get_permissions to get the permission of 
> "/local/domain/1", I got
> (0,0), (1,1)   (dom, perm)
> which implies that dom0 is the owner, and dom1 has read-only perm.
> 
> in xen 3.2, it returns (1,0), which is correct.
> 
> So I guess it might be a bug in the dom create scripts, but I can't find 
> where.

Hi weiming,

it's not a bug. the behavior that you are seeing in 3.2 was a security 
issue. 3.4 got the issue fixed.

Cheers,
-- 
Vincent