package xenstore

  1. Overview
  2. Docs
type t

A role containing a set of privileges

val superuser : t

The superuser role has all privileges

val of_domain : int -> t

The role associated with a specific domain id

val restrict : t -> int -> t

restrict role domid returns a new role which contains the subset of role which applies to domain domid

val set_target : t -> int -> t

set_target role domid needs rationalising

type permission =
  1. | READ
    (*

    ability to read the value associated with a node

    *)
  2. | WRITE
    (*

    ability to modify the value associated with a node

    *)
  3. | CHANGE_ACL
    (*

    ability to change the ACL associated with a node

    *)
  4. | DEBUG
    (*

    ability to invoke debug operations

    *)
  5. | INTRODUCE
    (*

    ability to grant access to other domains

    *)
  6. | ISINTRODUCED
    (*

    ability to query whether a domain has been introduced

    *)
  7. | RESUME
    (*

    ability to restore access to previously shutdown domains

    *)
  8. | RELEASE
    (*

    ability to revoke access from other domains

    *)
  9. | SET_TARGET
    (*

    ability to allow one domain to impersonate a specific other

    *)
  10. | RESTRICT
    (*

    ability to imperonate a specific other domain

    *)
  11. | CONFIGURE
    (*

    ability to view/edit the daemon configuration

    *)
exception Permission_denied

Thrown by the check function if role does not have a specific permission

val check : t -> permission -> Xs_protocol.ACL.t -> unit

check role permission acl throws Permission_denied if role does not have permission according to the access control list acl

val has : t -> permission -> unit

has role permission throws Permission_denied if role does not have permission

OCaml

Innovation. Community. Security.