Re: [Xen-devel] [PATCH] xenstore: document xs_set_permissions

Tue, 31 Mar 2015 05:12:09 -0700 

On Tue, Mar 31, 2015 at 01:08:32PM +0100, Ian Campbell wrote:
> On Tue, 2015-03-31 at 11:24 +0100, Wei Liu wrote:
> > Signed-off-by: Wei Liu <wei.l...@citrix.com>
> > Cc: Ian Campbell <ian.campb...@citrix.com>
> > Cc: Ian Jackson <ian.jack...@eu.citrix.com>
> 
> Acked-by: Ian Campbell <ian.campb...@citrix.com>
> 
> One comment/suggestion:
> > ---
> >  tools/xenstore/include/xenstore.h | 26 ++++++++++++++++++++++++--
> >  1 file changed, 24 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tools/xenstore/include/xenstore.h 
> > b/tools/xenstore/include/xenstore.h
> > index b4b113e..6af5978 100644
> > --- a/tools/xenstore/include/xenstore.h
> > +++ b/tools/xenstore/include/xenstore.h
> > @@ -149,8 +149,30 @@ struct xs_permissions *xs_get_permissions(struct 
> > xs_handle *h,
> >                                       xs_transaction_t t,
> >                                       const char *path, unsigned int *num);
> >  
> > -/* Set permissions of node (must be owner).
> > - * Returns false on failure.
> > +/* Set permissions of node (must be owner).  Returns false on failure.
> > + *
> > + * Domain 0 may read / write anywhere in the store, regardless of
> > + * permission settings.
> > + *
> > + * Note:
> > + * The perms array is a list of (domid, permissions) pairs. The first
> > + * element in the list specifies the owner of the list, plus the flags
> > + * for every domain not explicitly specified subsequently. The
> > + * subsequent entries are normal capabilities.
> > + *
> > + * Example C code:
> > + *
> > + *  struct xs_permissions perms[2];
> > + *
> > + *  perms[0].id = dm_domid;
> > + *  perms[0].perms = XS_PERM_NONE;
> > + *  perms[1].id = guest_domid;
> > + *  perms[1].perms = XS_PERM_READ;
> > + *
> > + * It means the owner of the path is domain $dm_domid,
> 
> Is it worth mentioning explicitly that the owner always gets an implicit
> XS_PERM_READ|XS_PERM_WRITE?
> 

No problem. I will send out v2 with this information and your ack.

Wei.

> >  all other
> > + * domains (unless specified in subsequent pair) can neither read from
> > + * nor write to that path. It then specifies domain $guest_domid can
> > + * read from that path.
> >   */
> >  bool xs_set_permissions(struct xs_handle *h, xs_transaction_t t,
> >                     const char *path, struct xs_permissions *perms,
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to