On Wed, Jun 14, 2006 at 09:22:04AM -0400, Daniel Veillard wrote: > On Wed, Jun 14, 2006 at 01:44:36PM +0100, Daniel P. Berrange wrote: > > 1. In all of these methods I followed example from virDomainSetMemory and > > put in > > > > if (domain->conn->flags & VIR_CONNECT_RO) > > return (-1); > > > > This prevents these methods working with a 'read only' connection, however, > > this is a deviation from previous semantics. Even with a read only connection, > > XenD will let arbitrary unprivileged user shutdown/suspend/resume/etc a > > domain, so by putting this VIR_CONNECT_RO check in we'd be preventing an > > operation which used to work. > > Hum, there is pros and cons. Pro is obviously cleaness and long term > maintainance/expectations (this will have to be fixed). Cons is the fact > it is allowed and putting the limitation in libvirt does not fix anything > and we don't know yet what the final security policy will be... > Also it blocks regression tests from running as an user and force to su > before running 'make tests' which is a bit inconvenient... When I commit this I'll wrap the VIR_CONNECT_RO flag test in a '#ifdef PEDANTIC' conditional. So the default semantics of these methods will be unchanged for now, unless you explicitly add -DPEDANDIC to the compiler flags. We can re-visit it at a later day whe XenD gets a sensible security / authentication model. > > What was the reason to call xenDaemonDomainShutdown twice ? With my > > my guess is that's just an error due to a factoring remains from when the > xenDaemonDomainShutdown() code was directly inlined in that routine. Ok, so I've commited the patch and not worried about the duplicated calls. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|