On 11.01.2016 13:11, Daniel P. Berrange wrote:
> On Mon, Jan 11, 2016 at 12:52:36PM +0100, Michal Privoznik wrote:
>> This API does not change domain state. It's merely like
>> virDomainGetXMLDesc() - and we don't reject RO connections there.
>> There's no reason to reject them here.
>
> This API can result in talking to the guest agent IIRC, which should
> be denied for read-only.
Ah, I see. We have the following check in the code:
int
virDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
{
/* ... */
if (flags & VIR_DOMAIN_VCPU_GUEST)
virCheckReadOnlyGoto(conn->flags, error);
}
On the other hand, virDomainGetTime() talks to guest agent and is allowed on RO connection.
So what about the following change instead?
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index e5af933..95b797a 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11545,7 +11545,8 @@ virDomainInterfaceAddresses(virDomainPtr dom,
if (ifaces)
*ifaces = NULL;
virCheckDomainReturn(dom, -1);
- virCheckNonNullArgGoto(ifaces, error);
+ if (source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT)
+ virCheckNonNullArgGoto(ifaces, error);
if (dom->conn->driver->domainInterfaceAddresses) {
int ret;
Michal
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list