
Merge master into feature/trusted-certs #7043

Merged
minglumlu merged 13 commits into xapi-project:feature/trusted-certs from
minglumlu:private/mingl/feature/trusted-certs
Apr 29, 2026

Conversation

@minglumlu
Member

No description provided.

changlei-li and others added 13 commits April 22, 2026 13:34
Signed-off-by: Changlei Li <changlei.li@citrix.com>
A mistake in xapi-project#6795 that
breaks quicktest.
There is no use case for it anymore.

This is part of XSA-489 / CVE-2026-23559.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23560.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23560.
There is no use case for it anymore.

This is part of XSA-489 / CVE-2026-23559.
This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23561.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
…oject#7033)

This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23561.
map_keys_roles parameter was RBAC checked for
{add_to,remove_from}_other_config, but set_other_config allowed
circumventing this check.

Since VM is the only object that has a key ("pci") in other_config
with the privilege level required for modification higher than that of the
other_config field generally, this meant that vm-admin could not modify the
"pci" key in other_config through add_to_other_config, but could circumvent the
check with set_other_config.

Implement a checker for VM.other_config setters based on Task's manual RBAC
checker (introduced in a3f2c6e)

This is part of XSA-489 / CVE-2026-23562

Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
platform:hvm_serial and other_config:hvm_serial are both keys that allow host
filesystem write. Limit these to be modifiable only by pool-admin.

Implement set_platform with Helpers.set_map_with_rbac, like for
set_other_config.

This is part of XSA-489 / CVE-2026-42486

Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
The only difference in the schematest comes from changing the type of the
other_config and platform fields from RW to StaticRO, which is necessary to
provide custom implementations of setters.

With a modified schematest, the diff is:

    <     "qualifier": "RW",
    ---
    >     "qualifier": "StaticRO",

Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
…M.platform` (xapi-project#7039)

Add per-key RBAC checking for `VM.platform` and `VM.other_config`, to
cover a case where a lower-privileged user could circumvent permission
checks on `other_config:{pci,hvm_serial}` and `platform:hvm_serial`.

Introduces a generic per-key RBAC checker for map setters based on
Task's manual RBAC checker (introduced in
xapi-project@a3f2c6e).
Uses it for the fields above.

This is part of XSA-489 / CVE-2026-23562 and CVE-2026-42486
@minglumlu minglumlu merged commit 7e80ad2 into xapi-project:feature/trusted-certs Apr 29, 2026
16 checks passed
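
The per-key check that the commit messages above describe for whole-map setters, sketched as an added example in OCaml; it is not xapi's code and does not use xapi's types. The function names, the role ranking, the pool-admin requirement on "pci" and the sample map values are assumptions made for illustration.

```ocaml
(* Added illustration, not xapi's code. Role names come from the page;
   their ranking and every function name here are assumptions. *)
type role = Vm_admin | Pool_admin

let rank = function Vm_admin -> 0 | Pool_admin -> 1

(* Keys that need more privilege than the field's default. The page names
   "pci" and "hvm_serial"; requiring pool-admin for "pci" is an assumption. *)
let protected_keys = [("pci", Pool_admin); ("hvm_serial", Pool_admin)]

let required_role ~field_default key =
  Option.value (List.assoc_opt key protected_keys) ~default:field_default

(* Keys whose binding differs between the stored map and the requested one:
   added, removed, or given a new value. *)
let changed_keys ~old_map ~new_map =
  let differs k = List.assoc_opt k old_map <> List.assoc_opt k new_map in
  List.map fst (old_map @ new_map)
  |> List.sort_uniq String.compare
  |> List.filter differs

(* Whole-map setter with the same per-key check as add_to/remove_from:
   every key the call would alter must be permitted for the caller. *)
let set_map_checked ~caller ~field_default ~old_map ~new_map =
  let too_low k = rank caller < rank (required_role ~field_default k) in
  match List.filter too_low (changed_keys ~old_map ~new_map) with
  | [] -> Ok new_map
  | denied -> Error denied

let () =
  (* Constructed sample values. *)
  let old_map = [("pci", "0/0000:04:00.0"); ("folder", "/lab")] in
  let show = function
    | Ok _ -> "allowed"
    | Error ks -> "denied: " ^ String.concat "," ks
  in
  let try_set caller new_map =
    set_map_checked ~caller ~field_default:Vm_admin ~old_map ~new_map
    |> show |> print_endline
  in
  (* vm-admin edits an unprotected key and leaves "pci" as stored *)
  try_set Vm_admin [("pci", "0/0000:04:00.0"); ("folder", "/prod")];
  (* vm-admin replaces the map with a different "pci" value *)
  try_set Vm_admin [("pci", "0/0000:05:00.0"); ("folder", "/lab")];
  (* vm-admin replaces the map with "pci" omitted, which removes the key *)
  try_set Vm_admin [("folder", "/lab")];
  (* pool-admin makes the same removal *)
  try_set Pool_admin [("folder", "/lab")]
```

Comparing the stored map with the requested one lets a lower-privileged caller resubmit a protected key unchanged while editing the rest of the map, and treats omission of a protected key as a modification of it.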