1.1 --- a/tools/python/xen/lowlevel/xs/xs.c	Thu Dec 18 17:14:27 2008 +0000
     1.2 +++ b/tools/python/xen/lowlevel/xs/xs.c	Thu Dec 18 17:18:28 2008 +0000
     1.3 @@ -336,15 +336,19 @@ static PyObject *xspy_set_permissions(Xs
     1.4  	xs_set_error(EINVAL);
     1.5          goto exit;
     1.6      }
     1.7 +
     1.8      xsperms_n = PyList_Size(perms);
     1.9 -    xsperms = calloc(xsperms_n, sizeof(struct xs_permissions));
    1.10 +    /* NB. alloc +1 so we can change the owner if necessary. */
    1.11 +    xsperms = calloc(xsperms_n + 1, sizeof(struct xs_permissions));
    1.12      if (!xsperms) {
    1.13  	xs_set_error(ENOMEM);
    1.14          goto exit;
    1.15      }
    1.16 +
    1.17      tuple0 = PyTuple_New(0);
    1.18      if (!tuple0)
    1.19          goto exit;
    1.20 +
    1.21      for (i = 0; i < xsperms_n; i++) {
    1.22          /* Read/write perms. Set these. */
    1.23          int p_read = 0, p_write = 0;
    1.24 @@ -357,6 +361,17 @@ static PyObject *xspy_set_permissions(Xs
    1.25          if (p_write)
    1.26              xsperms[i].perms |= XS_PERM_WRITE;
    1.27      }
    1.28 +
    1.29 +    /*
    1.30 +     * Is the caller trying to restrict access to the first specified
    1.31 +     * domain? If so then it cannot be owner, so we force dom0 as owner.
    1.32 +     */
    1.33 +    if (xsperms_n && xsperms[0].perms && xsperms[0].id) {
    1.34 +        memmove(&xsperms[1], &xsperms[0], xsperms_n * sizeof(*xsperms));
    1.35 +        xsperms[0].id = xsperms[0].perms = 0;
    1.36 +        xsperms_n++;
    1.37 +    }
    1.38 +
    1.39      Py_BEGIN_ALLOW_THREADS
    1.40      result = xs_set_permissions(xh, th, path, xsperms, xsperms_n);
    1.41      Py_END_ALLOW_THREADS