Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
xen.31431
xsa403.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa403.patch of Package xen.31431
tools/libxl: env variable to signal whether disk/nic backend is trusted From: Roger Pau Monné <roger.pau@citrix.com> Introduce support in libxl for fetching the default backend trusted option for disk and nic devices. Users can set LIBXL_{DISK,NIC}_BACKEND_UNTRUSTED environment variable to notify libxl of whether the backends for disk and nic devices should be trusted. Such information is passed into the frontend so it can take the appropriate measures. This is part of XSA-403. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> --- a/docs/man/xl.1.pod.in +++ b/docs/man/xl.1.pod.in @@ -1946,6 +1946,24 @@ shows the decimal value. For non-linear =back +=head1 ENVIRONMENT + +=over 4 + +=item B<LIBXL_DISK_BACKEND_UNTRUSTED> + +Set this environment variable to "1" to suggest to the guest that the disk +backend shouldn't be trusted. If the variable is absent or set to "0", the +backend will be trusted. + +=item B<LIBXL_NIC_BACKEND_UNTRUSTED> + +Set this environment variable to "1" to suggest to the guest that the network +backend shouldn't be trusted. If the variable is absent or set to "0", the +backend will be trusted. + +=back + =head1 IGNORED FOR COMPATIBILITY WITH XM xl is mostly command-line compatible with the old xm utility used with --- a/tools/libxl/libxl_disk.c +++ b/tools/libxl/libxl_disk.c @@ -246,6 +246,7 @@ static void device_disk_add(libxl__egc * libxl_domain_config d_config; libxl_device_disk disk_saved; libxl__domain_userdata_lock *lock = NULL; + const char *envvar; libxl_domain_config_init(&d_config); libxl_device_disk_init(&disk_saved); @@ -414,6 +415,10 @@ static void device_disk_add(libxl__egc * flexarray_append(front, GCSPRINTF("%d", device->devid)); flexarray_append(front, "device-type"); flexarray_append(front, disk->is_cdrom ? "cdrom" : "disk"); + flexarray_append(front, "trusted"); + envvar = getenv("LIBXL_DISK_BACKEND_UNTRUSTED"); + /* Set "trusted=1" if envvar missing or is "0". */ + flexarray_append(front, !envvar || !strcmp("0", envvar) ? "1" : "0"); /* * Old PV kernel disk frontends before 2.6.26 rely on tool stack to --- a/tools/libxl/libxl_nic.c +++ b/tools/libxl/libxl_nic.c @@ -129,6 +129,8 @@ static int libxl__set_xenstore_nic(libxl flexarray_t *back, flexarray_t *front, flexarray_t *ro_front) { + const char *envvar; + flexarray_grow(back, 2); if (nic->script) @@ -237,6 +239,11 @@ static int libxl__set_xenstore_nic(libxl flexarray_append(front, GCSPRINTF( LIBXL_MAC_FMT, LIBXL_MAC_BYTES(nic->mac))); + flexarray_append(front, "trusted"); + envvar = getenv("LIBXL_NIC_BACKEND_UNTRUSTED"); + /* Set "trusted=1" if envvar missing or is "0". */ + flexarray_append(front, !envvar || !strcmp("0", envvar) ? "1" : "0"); + return 0; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor