Signed-off-by: Wei Liu <wei.l...@citrix.com>
Cc: Ian Campbell <ian.campb...@citrix.com>
Cc: Ian Jackson <ian.jack...@eu.citrix.com>
---
tools/xenstore/include/xenstore.h | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/tools/xenstore/include/xenstore.h
b/tools/xenstore/include/xenstore.h
index b4b113e..6af5978 100644
--- a/tools/xenstore/include/xenstore.h
+++ b/tools/xenstore/include/xenstore.h
@@ -149,8 +149,30 @@ struct xs_permissions *xs_get_permissions(struct xs_handle
*h,
xs_transaction_t t,
const char *path, unsigned int *num);
-/* Set permissions of node (must be owner).
- * Returns false on failure.
+/* Set permissions of node (must be owner). Returns false on failure.
+ *
+ * Domain 0 may read / write anywhere in the store, regardless of
+ * permission settings.
+ *
+ * Note:
+ * The perms array is a list of (domid, permissions) pairs. The first
+ * element in the list specifies the owner of the list, plus the flags
+ * for every domain not explicitly specified subsequently. The
+ * subsequent entries are normal capabilities.
+ *
+ * Example C code:
+ *
+ * struct xs_permissions perms[2];
+ *
+ * perms[0].id = dm_domid;
+ * perms[0].perms = XS_PERM_NONE;
+ * perms[1].id = guest_domid;
+ * perms[1].perms = XS_PERM_READ;
+ *
+ * It means the owner of the path is domain $dm_domid, all other
+ * domains (unless specified in subsequent pair) can neither read from
+ * nor write to that path. It then specifies domain $guest_domid can
+ * read from that path.
*/
bool xs_set_permissions(struct xs_handle *h, xs_transaction_t t,
const char *path, struct xs_permissions *perms,
--
1.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
