On Wed, Aug 05, 2015 at 01:59:07PM +0200, Tomas Meszaros wrote:
> Also, among with this new API new ACL that restricts rename capability
> is invented too.
>
> Signed-off-by: Tomas Meszaros <exo@xxxxxx>
> ---
> include/libvirt/libvirt-domain.h | 2 ++
> src/access/viraccessperm.c | 3 ++-
> src/access/viraccessperm.h | 6 ++++++
> src/driver-hypervisor.h | 5 +++++
> src/libvirt-domain.c | 31 +++++++++++++++++++++++++++++++
> src/libvirt_public.syms | 5 +++++
> src/remote/remote_driver.c | 1 +
> src/remote/remote_protocol.x | 18 +++++++++++++++++-
> src/remote_protocol-structs | 8 ++++++++
> 9 files changed, 77 insertions(+), 2 deletions(-)
> diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
> index 9f1be6b..0f26793 100644
> --- a/src/remote/remote_protocol.x
> +++ b/src/remote/remote_protocol.x
> @@ -3230,6 +3230,14 @@ struct remote_domain_set_user_password_args {
> unsigned int flags;
> };
>
> +struct remote_domain_rename_args {
> + remote_nonnull_domain dom;
> + remote_string new_name;
> +};
> +
> +struct remote_domain_rename_ret {
> + int rename;
> +};
>
> /*----- Protocol. -----*/
>
> @@ -5696,5 +5704,13 @@ enum remote_procedure {
> * @generate:both
> * @acl: domain:set_password
> */
> - REMOTE_PROC_DOMAIN_SET_USER_PASSWORD = 357
> + REMOTE_PROC_DOMAIN_SET_USER_PASSWORD = 357,
> +
> + /**
> + * @generate: both
> + * @acl: domain:rename
> + * @acl: domain:write
> + * @acl: domain:save
When you require write + save you have already given away the
keys to the kingdom. Adding a rename permission doesn't
really have any benefit at that point. So I'd just get rid
of the new rename permission.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list