From: Ian Jackson <ian.jackson@eu.citrix.com>
To: xen-devel@lists.xensource.com
Cc: Ross Lagerwall <ross.lagerwall@citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>
Subject: [PATCH 18/26] xentoolcore_restrict_all: "Implement" for xenstore
Date: Mon, 9 Oct 2017 16:57:20 +0100 [thread overview]
Message-ID: <1507564648-7580-19-git-send-email-ian.jackson@eu.citrix.com> (raw)
In-Reply-To: <1507564648-7580-1-git-send-email-ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
---
tools/Rules.mk | 2 +-
tools/xenstore/Makefile | 7 ++++---
tools/xenstore/xenstore.pc.in | 2 +-
tools/xenstore/xs.c | 14 ++++++++++++++
4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/tools/Rules.mk b/tools/Rules.mk
index 3239e76..be92f0a 100644
--- a/tools/Rules.mk
+++ b/tools/Rules.mk
@@ -146,7 +146,7 @@ LDLIBS_libxenguest = $(SHDEPS_libxenguest) $(XEN_LIBXC)/libxenguest$(libextensio
SHLIB_libxenguest = $(SHDEPS_libxenguest) -Wl,-rpath-link=$(XEN_LIBXC)
CFLAGS_libxenstore = -I$(XEN_XENSTORE)/include $(CFLAGS_xeninclude)
-SHDEPS_libxenstore =
+SHDEPS_libxenstore = $(SHLIB_libxentoolcore)
LDLIBS_libxenstore = $(SHDEPS_libxenstore) $(XEN_XENSTORE)/libxenstore$(libextension)
SHLIB_libxenstore = $(SHDEPS_libxenstore) -Wl,-rpath-link=$(XEN_XENSTORE)
diff --git a/tools/xenstore/Makefile b/tools/xenstore/Makefile
index ff428e2..2b99d2b 100644
--- a/tools/xenstore/Makefile
+++ b/tools/xenstore/Makefile
@@ -11,6 +11,7 @@ CFLAGS += -include $(XEN_ROOT)/tools/config.h
CFLAGS += -I./include
CFLAGS += $(CFLAGS_libxenevtchn)
CFLAGS += $(CFLAGS_libxenctrl)
+CFLAGS += $(CFLAGS_libxentoolcore)
CFLAGS += -DXEN_LIB_STORED="\"$(XEN_LIB_STORED)\""
CFLAGS += -DXEN_RUN_STORED="\"$(XEN_RUN_STORED)\""
@@ -85,10 +86,10 @@ $(CLIENTS): xenstore
ln -f xenstore $@
xenstore: xenstore_client.o $(LIBXENSTORE)
- $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
+ $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
xenstore-control: xenstore_control.o $(LIBXENSTORE)
- $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
+ $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
xs_tdb_dump: xs_tdb_dump.o utils.o tdb.o talloc.o
$(CC) $^ $(LDFLAGS) -o $@ $(APPEND_LDFLAGS)
@@ -101,7 +102,7 @@ libxenstore.so.$(MAJOR): libxenstore.so.$(MAJOR).$(MINOR)
xs.opic: CFLAGS += -DUSE_PTHREAD
libxenstore.so.$(MAJOR).$(MINOR): xs.opic xs_lib.opic
- $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenstore.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(SOCKET_LIBS) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
+ $(CC) $(LDFLAGS) $(PTHREAD_LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenstore.so.$(MAJOR) $(SHLIB_LDFLAGS) -o $@ $^ $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) $(PTHREAD_LIBS) $(APPEND_LDFLAGS)
libxenstore.a: xs.o xs_lib.o
$(AR) rcs $@ $^
diff --git a/tools/xenstore/xenstore.pc.in b/tools/xenstore/xenstore.pc.in
index 45dc6b0..6fd72a1 100644
--- a/tools/xenstore/xenstore.pc.in
+++ b/tools/xenstore/xenstore.pc.in
@@ -7,4 +7,4 @@ Description: The Xenstore library for Xen hypervisor
Version: @@version@@
Cflags: -I${includedir} @@cflagslocal@@
Libs: @@libsflag@@${libdir} -lxenstore
-Requires.private: xenevtchn,xencontrol,xengnttab
+Requires.private: xenevtchn,xencontrol,xengnttab,xentoolcore
diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
index 7f85bb2..ae4b878 100644
--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -35,6 +35,8 @@
#include "list.h"
#include "utils.h"
+#include <xentoolcore_internal.h>
+
struct xs_stored_msg {
struct list_head list;
struct xsd_sockmsg hdr;
@@ -48,6 +50,7 @@ struct xs_stored_msg {
struct xs_handle {
/* Communications channel to xenstore daemon. */
int fd;
+ Xentoolcore__Active_Handle tc_ah; /* for restrict */
/*
* A read thread which pulls messages off the comms channel and
@@ -122,6 +125,7 @@ static void *read_thread(void *arg);
struct xs_handle {
int fd;
+ Xentoolcore__Active_Handle tc_ah; /* for restrict */
struct list_head reply_list;
struct list_head watch_list;
/* Clients can select() on this pipe to wait for a watch to fire. */
@@ -219,6 +223,11 @@ static int get_dev(const char *connect_to)
return open(connect_to, O_RDWR);
}
+static int all_restrict_cb(Xentoolcore__Active_Handle *ah, uint32_t domid) {
+ struct xs_handle *h = CONTAINER_OF(ah, *h, tc_ah);
+ return xentoolcore__restrict_by_dup2_null(h->fd);
+}
+
static struct xs_handle *get_handle(const char *connect_to)
{
struct stat buf;
@@ -232,6 +241,9 @@ static struct xs_handle *get_handle(const char *connect_to)
memset(h, 0, sizeof(*h));
h->fd = -1;
+ h->tc_ah.restrict_callback = all_restrict_cb;
+ xentoolcore__register_active_handle(&h->tc_ah);
+
if (stat(connect_to, &buf) != 0)
goto err;
@@ -269,6 +281,7 @@ err:
if (h) {
if (h->fd >= 0)
close(h->fd);
+ xentoolcore__deregister_active_handle(&h->tc_ah);
}
free(h);
@@ -330,6 +343,7 @@ static void close_fds_free(struct xs_handle *h) {
}
close(h->fd);
+ xentoolcore__deregister_active_handle(&h->tc_ah);
free(h);
}
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-10-09 15:57 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-09 15:57 [PATCH v2 00/24] Provide some actual restriction of qemu Ian Jackson
2017-10-09 15:57 ` [PATCH 01/26] xen: Provide XEN_DMOP_remote_shutdown Ian Jackson
2017-10-09 15:57 ` [PATCH 02/26] xen: x86 dm_op: add missing newline before XEN_DMOP_inject_msi Ian Jackson
2017-10-09 15:57 ` [PATCH 03/26] tools: libxendevicemodel: Provide xendevicemodel_shutdown Ian Jackson
2017-10-17 15:24 ` Ross Lagerwall
2017-10-17 15:29 ` Ian Jackson
2017-10-17 17:05 ` [PATCH] tools: libxendevicemodel: Restore symbol versions for 1.0 Ian Jackson
2017-10-17 17:06 ` Wei Liu
2017-10-17 17:19 ` Andrew Cooper
2017-10-18 9:54 ` Ian Jackson
2017-10-18 8:59 ` Ross Lagerwall
2017-10-09 15:57 ` [PATCH 04/26] xentoolcore, _restrict_all: Introduce new library and implementation Ian Jackson
2017-10-10 11:45 ` Anthony PERARD
2017-10-10 17:18 ` Ian Jackson
2017-10-09 15:57 ` [PATCH 05/26] xentoolcore: Link into stubdoms Ian Jackson
2017-10-09 15:57 ` [PATCH 06/26] xentoolcore: Link into minios (update MINIOS_UPSTREAM_REVISION) Ian Jackson
2017-10-09 15:57 ` [PATCH 07/26] tools: qemu-xen build: prepare to link against xentoolcore Ian Jackson
2017-10-09 15:57 ` [PATCH 08/26] libxl: #include "xentoolcore_internal.h" Ian Jackson
2017-10-09 15:57 ` [PATCH 09/26] tools: move CONTAINER_OF to xentoolcore_internal.h Ian Jackson
2017-10-09 15:57 ` [PATCH 10/26] xentoolcore_restrict_all: Implement for libxendevicemodel Ian Jackson
2017-10-09 15:57 ` [PATCH 11/26] xentoolcore_restrict_all: "Implement" for libxencall Ian Jackson
2017-10-09 15:57 ` [PATCH 12/26] xentoolcore_restrict: Break out xentoolcore__restrict_by_dup2_null Ian Jackson
2017-10-09 15:57 ` [PATCH 13/26] xentoolcore_restrict_all: Implement for libxenforeignmemory Ian Jackson
2017-10-09 15:57 ` [PATCH 14/26] xentoolcore_restrict_all: Declare problems due to no evtchn support Ian Jackson
2017-10-09 15:57 ` [PATCH 15/26] xentoolcore_restrict_all: "Implement" for xengnttab Ian Jackson
2017-10-09 15:57 ` [PATCH 16/26] tools/xenstore: get_handle: use "goto err" error handling style Ian Jackson
2017-10-09 15:57 ` [PATCH 17/26] tools/xenstore: get_handle: Allocate struct before opening fd Ian Jackson
2017-10-09 15:57 ` Ian Jackson [this message]
2017-10-09 15:57 ` [PATCH 19/26] xentoolcore, _restrict_all: Document implementation "complete" Ian Jackson
2017-10-09 15:57 ` [PATCH 20/26] xl, libxl: Provide dm_restrict Ian Jackson
2017-10-09 15:57 ` [PATCH 21/26] libxl: Rationalise calculation of user to run qemu as Ian Jackson
2017-10-09 15:57 ` [PATCH 22/26] libxl: libxl__dm_runas_helper: return pwd Ian Jackson
2017-10-09 15:57 ` [PATCH 23/26] libxl: userlookup_helper_getpwnam rename and turn into a macro Ian Jackson
2017-10-09 15:57 ` [PATCH 24/26] libxl: dm_restrict: Support uid range user Ian Jackson
2017-10-09 15:57 ` [PATCH 25/26] tools: xentoolcore_restrict_all: use domid_t Ian Jackson
2017-10-09 15:57 ` [PATCH 26/26] xl: Document VGA problems arising from lack of physmap dmop Ian Jackson
2017-10-09 16:11 ` Wei Liu
2017-10-09 16:10 ` [PATCH v2 00/24] Provide some actual restriction of qemu Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1507564648-7580-19-git-send-email-ian.jackson@eu.citrix.com \
--to=ian.jackson@eu.citrix.com \
--cc=ross.lagerwall@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).