On 02.04.25 11:33, Jan Beulich wrote:
On 01.04.2025 19:32, Jason Andryuk wrote:On 2025-04-01 04:07, Jan Beulich wrote:On 31.03.2025 23:46, Jason Andryuk wrote:It is useful for a domain to know its own domid. Xenstored has command line flags to set --master-domid (the local domid) and --priv-domid, but it would be better to autodetect those. Also, domids are necessary to set xenstore permissions - DOMID_SELF is not supported today.Setting permissions for oneself?Any call to xs_set_permissions(), AIUI. Say you have two domUs, dom1 & dom2. dom1 wants to create a shared xenstore node with full permissions for itself, but read-only permission for dom2. dom1 needs to know its own domid to set the permissions: * struct xs_permissions perms[2]; * * perms[0].id = domid1; * perms[0].perms = XS_PERM_NONE; * perms[1].id = domid2; * perms[1].perms = XS_PERM_READ; perms[].id doesn't handle DOMID_SELFThat is, XS_SET_PERMS only ever fully replaces existing permissions, rather than allowing incremental permit/revoke?
Correct. BTW, it is quite easy to get the data needed for setting the permissions: 1. create the new node 2. read the current permissions (will have the owner in perms[0]) 3. extend the permissions as needed Juergen
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
