The device model is going to restrict its xenstore connection to $DOMID level. Let it access /local/domain/0/device-model/$DOMID, as it is required by QEMU to read/write the physmap. It doesn't contain any information the guest is not already fully aware of.
Signed-off-by: Stefano Stabellini <stefano.stabell...@eu.citrix.com> --- Changes in v2: - fix permissions to actually do what intended - use LIBXL_TOOLSTACK_DOMID instead of 0 --- tools/libxl/libxl_dm.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c index 79a9a22..f4f104f 100644 --- a/tools/libxl/libxl_dm.c +++ b/tools/libxl/libxl_dm.c @@ -1461,6 +1461,7 @@ void libxl__spawn_local_dm(libxl__egc *egc, libxl__dm_spawn_state *dmss) char **pass_stuff; const char *dm; int dm_state_fd = -1; + struct xs_permissions rwperm[2]; if (libxl_defbool_val(b_info->device_model_stubdomain)) { abort(); @@ -1503,7 +1504,11 @@ void libxl__spawn_local_dm(libxl__egc *egc, libxl__dm_spawn_state *dmss) } path = libxl__device_model_xs_path(gc, LIBXL_TOOLSTACK_DOMID, domid, ""); - xs_mkdir(ctx->xsh, XBT_NULL, path); + rwperm[0].id = LIBXL_TOOLSTACK_DOMID; + rwperm[0].perms = XS_PERM_NONE; + rwperm[1].id = domid; + rwperm[1].perms = XS_PERM_WRITE; + libxl__xs_mkdir(gc, XBT_NULL, path, rwperm, 2); if (b_info->type == LIBXL_DOMAIN_TYPE_HVM && b_info->device_model_version -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
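Review bot: rwperm[1].perms = XS_PERM_WRITE in the second hunk grants domid write access only, while the commit message says QEMU needs to read/write the physmap and the array itself is named rwperm. If the restricted device model has to read its own entries back, this should be XS_PERM_READ | XS_PERM_WRITE. The result of libxl__xs_mkdir(gc, XBT_NULL, path, rwperm, 2) is also discarded, so a failure to create the node or set its permissions goes unnoticed here; checking it and failing the spawn at this point would be clearer than letting QEMU hit the error later. Because the node sits under the toolstack's own subtree and becomes guest-writable, a short comment next to the call stating that the toolstack must not trust anything it reads from this path would help future readers.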