Xenstored now boots entirely with capabilities. Some of the changes made are:
- xl code writes "dir" and "subdirs". It puts permissions on "dirs" first and subdirs are assumed to inherit those permissions. - Two new flags inherit_read and inherit_write were introduced so we could inherit capabilities. Once the "dirs" get permissions corresponding inherit flag is set. And all the "subdirs" underneath is granted respective caps. - At this point, default capabilities is not fully implemented. Its side effects haven't been observed so far. - Also, in order to grant capabilities to domains that stamped permissions on the "dir", a "grant_flag" is introduced in caps_to_strings. caps_to_strings with "grant_flag" set returns the domids that needs to be granted caps. - Note, during experimenting, I observed that a garbage domid could result in crashing xen. This has been fixed now.
Showing with 307 additions and 203 deletions