virtualisation.xen.store.settings.perms.enableWatch
Whether to enable the watch permission system.
When this is set to true, unprivileged guests can only get watch events
for xenstore entries that they would've been able to read.
When this is set to false, unprivileged guests may get watch events
for xenstore entries that they cannot read. The watch event contains
only the entry name, not the value.
This restores behaviour prior to XSA-115.
- Type
boolean- Default
true- Example
false- Declared
- <nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>