Skip to content

Commit a70bee0

Browse files
robhoesrobhoes
authored
Do not recognise VM.other_config:is_system_domain (#7032)
This code is either obsolete or should use a first-class field (TBD). This is part of XSA-489 / CVE-2026-23560.
2 parents 5cc5240 + 013755b commit a70bee0

1 file changed

Lines changed: 4 additions & 20 deletions

File tree

ocaml/xapi/system_domains.ml

Lines changed: 4 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -23,16 +23,9 @@ open D
2323

2424
(** If a VM is a system domain then xapi will perform lifecycle operations on demand,
2525
and will allow this VM to start even if a host is disabled. *)
26-
let system_domain_key = "is_system_domain"
2726

28-
let bool_of_string x = try bool_of_string x with _ -> false
29-
30-
let is_system_domain snapshot =
31-
snapshot.API.vM_is_control_domain
32-
||
33-
let oc = snapshot.API.vM_other_config in
34-
List.mem_assoc system_domain_key oc
35-
&& bool_of_string (List.assoc system_domain_key oc)
27+
let is_system_domain snapshot = snapshot.API.vM_is_control_domain
28+
(* NOTE: code that recognises the other_config:is_system_domain key has been dropped *)
3629

3730
let get_is_system_domain ~__context ~self =
3831
is_system_domain (Db.VM.get_record ~__context ~self)
@@ -42,15 +35,6 @@ let get_is_system_domain ~__context ~self =
4235
order shouldn't matter because everyone will always update them to the same value.
4336
It's therefore safe to throw away exceptions. *)
4437

45-
let set_is_system_domain ~__context ~self ~value =
46-
Helpers.log_exn_continue
47-
(Printf.sprintf "set_is_system_domain self = %s" (Ref.string_of self))
48-
(fun () ->
49-
Db.VM.remove_from_other_config ~__context ~self ~key:system_domain_key ;
50-
Db.VM.add_to_other_config ~__context ~self ~key:system_domain_key ~value
51-
)
52-
()
53-
5438
(** If a VM is a driver domain then it hosts backends for either disk or network
5539
devices. We link PBD.other_config:storage_driver_domain_key to
5640
VM.other_config:storage_driver_domain_key and we ensure the VM is marked as
@@ -83,7 +67,7 @@ let vm_set_storage_driver_domain ~__context ~self ~value =
8367
()
8468

8569
let record_pbd_storage_driver_domain ~__context ~pbd ~domain =
86-
set_is_system_domain ~__context ~self:domain ~value:"true" ;
70+
(* set_is_system_domain ~__context ~self:domain ~value:"true" ; *)
8771
pbd_set_storage_driver_domain ~__context ~self:pbd
8872
~value:(Ref.string_of domain) ;
8973
vm_set_storage_driver_domain ~__context ~self:domain ~value:(Ref.string_of pbd)
@@ -113,7 +97,7 @@ let storage_driver_domain_of_pbd ~__context ~pbd =
11397

11498
let storage_driver_domain_of_pbd ~__context ~pbd =
11599
let domain = storage_driver_domain_of_pbd ~__context ~pbd in
116-
set_is_system_domain ~__context ~self:domain ~value:"true" ;
100+
(* set_is_system_domain ~__context ~self:domain ~value:"true" ; *)
117101
pbd_set_storage_driver_domain ~__context ~self:pbd
118102
~value:(Ref.string_of domain) ;
119103
vm_set_storage_driver_domain ~__context ~self:domain ~value:(Ref.string_of pbd) ;

0 commit comments

Comments
 (0)