[Xen-API] RE: [Xen-devel] [PATCH] xapi toolstack (xen-api-libs): fix compile errors

[Thomas Gazagnaire <Thomas.Gazagnaire@xxxxxxxxxxxxx>]

Hi Andreas,

XS_RESTRICT is defined in this Xen patch-queue:
http://xenbits.xen.org/xapi/xen-3.4.pq.hg?file/c01d38e7092a/restrict_xenstored

Basically, it is used by xapi/oxenstored to drop the xenstore permissions of 
qemu inside dom0. This gives to qemu processes the same permissions than their 
associated domU concerning read/write of xenstore nodes. It is quite useful to 
avoid any security issue with qemu backends.

Because of that, your patch will broke the starting of HVM domains for XCP. I 
believe the best fix for this is to upstream our Xen patch-queue :-) and in a 
more practical way, I believe we should do something like:
1. Add a #define XS_RESTRICT in 
http://xenbits.xen.org/xapi/xen-3.4.pq.hg?file/c01d38e7092a/restrict_xenstored
2. In xen-api-libs.hg/xb/xb_stubs.c, test if XS_RESTRICT is defined. If yes, 
use the value if XS_RESTRICT, else use a default value (128, as defined in the 
patch queue, for example).

About xb.mli file: it is supposed to be the exposed interface, which contains 
some bits of documentation, so it cannot be auto-generated. Thus, it would be 
better to not remove it.

Cheers,
Thomas



> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Andreas Florath
> Sent: Friday, November 06, 2009 12:51 PM
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] [PATCH] xapi toolstack (xen-api-libs): fix compile
> errors
> 
> Hello!
> 
> There are two compile errors when 'make allxen' in xen-api-libs.
> 
> o XS_RESTRICT is not defined (c compiler error) o xb.mli file was checked
> in (ocaml error)
> 
> The attached patch should remove those problems.
> 
> Kind regards - Andreas


_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api