Commit b78094ea authored by Yathindra Naik

Xenstored now boots entirely with capabilities. Some of the changes made are:

- xl code writes "dir" and "subdirs". It puts permissions on "dirs" first
  and subdirs are assumed to inherit those permissions.
- Two new flags, inherit_read and inherit_write, were introduced so we could
  inherit capabilities. Once the "dirs" get permissions, the corresponding inherit
  flag is set. And all the "subdirs" underneath are granted the respective caps.
- At this point, default capabilities are not fully implemented. Its side effects
  haven't been observed so far.
- Also, in order to grant capabilities to domains that stamped permissions on
  the "dir", a "grant_flag" is introduced in caps_to_strings. caps_to_strings with
  "grant_flag" set returns the domids that need to be granted caps.
- Note, during experimenting, I observed that a garbage domid could result in
  crashing xen. This has been fixed now.
parent d8d04b30
......@@ -117,6 +117,8 @@ struct node {
* cap[0] - read_cap
* cap[1] - write_cap
unsigned int inherit_read;
unsigned int inherit_write;
unsigned int num_caps;
struct capability *caps;
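Review bot: inherit_read and inherit_write in struct node are added without any comment, while the cap[0]/cap[1] layout just above them is documented. Please say next to the fields who sets them, what values they take, and that a set flag causes subdirs to be granted the corresponding cap. Since the commit message describes them as flags, a bool or a single bitfield would express that better than two unsigned ints. Also check that every path that allocates a struct node zero-initialises both fields, because a stale non-zero value would be read as "inherit" and hand caps to nodes that were never meant to get them.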
......@@ -1099,7 +1099,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
if ( d == NULL )
TT_ERR("Failed to rcu_lock_dom_by_id:%d\n", op->domain);
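Review bot: the d == NULL branch in do_domctl shows only a TT_ERR log, so from these lines it is not clear that the failed lookup stops processing. Given that the commit message mentions a garbage domid crashing Xen, please make sure this branch sets an error return and leaves the case before d is dereferenced, and say in the commit message which line was removed here and why, since the hunk drops one line that the message does not explain.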
......@@ -1107,7 +1106,6 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
if ( to == NULL )
TT_ERR("Failed to rcu_lock_dom_by_id:%d\n", op->domain);
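Review bot: the to == NULL branch logs exactly the same text as the d == NULL branch and prints op->domain, so the log cannot tell the two failures apart, and if "to" is looked up from a different id than op->domain the printed value is the wrong one. Suggest logging the id that was actually passed to the lookup and naming the variable in the message. As with the previous hunk, confirm the branch bails out with an error, and if d was already locked at this point, that the error path calls rcu_unlock_domain(d) before returning.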