On 11/20/2014 05:33 AM, Michal Privoznik wrote:

>> I'm also hoping someone else (eblake?) can look at the remote_protocol.x
>> changes to ensure they encompass everything they are supposed to. Also
>> that the usage of QEMU_JOB_QUERY not _MODIFY for the GetFSInfo seems
>> more appropriate and is in line with the various remote_protocol.x
>> settings (@acl/@generate stuff settings).
>
>
> @generate is correct, since both, client and server implementations are
> provided.
> @acl looks consistent to the rest. Correct, for querying domain info you
> need to have read permission and that's it.

Oh, wait. This is an interaction with the guest agent. We have already stated that ANY action that requires guest cooperation MUST require more than plain domain:read privileges (for example, creating a snapshot requires domain:fs_freeze if the quiesce flag is present; using virDomainShutdownFlags requires domain:write if the guest agent is involved).

Since the main use of this API is to query the list of mountpoints that then feed virDomainFSFreeze, I think this should be @acl domain:fs_freeze, rather than domain:read. Even if it is a read-only operation, it makes more sense to treat this command as a family where a user is either given rights for all related freeze APIs or none of them.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
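The rule stated in the message above (an API that needs guest agent cooperation must require more than plain domain:read) can be checked mechanically. The following is an added example, not code from the thread or from libvirt: the protocol fragment is constructed, its procedure numbers are placeholders, and the `GUEST_AGENT_PROCS` list and the function names are hypothetical.

```python
import re

# Constructed fragment in the style of remote_protocol.x annotations;
# the procedure numbers are placeholders, not libvirt's real values.
SAMPLE = """
    /**
     * @generate: both
     * @acl: domain:read
     */
    REMOTE_PROC_DOMAIN_GET_INFO = 1,
    /**
     * @generate: both
     * @acl: domain:fs_freeze
     */
    REMOTE_PROC_DOMAIN_FSFREEZE = 2,
    /**
     * @generate: none
     * @acl: domain:read
     */
    REMOTE_PROC_DOMAIN_GET_FSINFO = 3,
"""

# Assumption: a reviewer-maintained list of procedures that talk to the
# guest agent; it cannot be derived from the protocol file itself.
GUEST_AGENT_PROCS = {"REMOTE_PROC_DOMAIN_FSFREEZE", "REMOTE_PROC_DOMAIN_GET_FSINFO"}

BLOCK = re.compile(r"/\*\*(.*?)\*/\s*(REMOTE_PROC_\w+)\s*=", re.S)
# Assumed annotation forms: "@acl: object:permission" and the
# flag-conditional "@acl: object:permission:FLAGNAME".
ACL = re.compile(r"@acl:\s*(\w+):(\w+)(?::(\w+))?")

def parse_acls(text):
    """Map procedure name -> list of (object, permission, flag-or-None)."""
    return {name: [m.groups() for m in ACL.finditer(body)]
            for body, name in BLOCK.findall(text)}

def weak_guest_agent_acls(text, agent_procs=GUEST_AGENT_PROCS):
    """Guest-agent procedures whose unconditional ACL is only domain:read (or absent)."""
    flagged = []
    for name, acls in parse_acls(text).items():
        if name not in agent_procs:
            continue
        unconditional = {(obj, perm) for obj, perm, flag in acls if flag is None}
        if unconditional <= {("domain", "read")}:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(weak_guest_agent_acls(SAMPLE))
```
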