Re: [PATCH] virDomainInterfaceAddresses: Allow API on RO connection too

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11.01.2016 13:11, Daniel P. Berrange wrote:
> On Mon, Jan 11, 2016 at 12:52:36PM +0100, Michal Privoznik wrote:
>> This API does not change domain state. It's merely like
>> virDomainGetXMLDesc() - and we don't reject RO connections there.
>> There's no reason to reject them here.
> 
> This API can result in talking to the guest agent IIRC, which should
> be denied for read-only.

Ah, I see. We have the following check in the code:

int
virDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
{
    /* ... */
    if (flags & VIR_DOMAIN_VCPU_GUEST)
        virCheckReadOnlyGoto(conn->flags, error);
}

On the other hand, virDomainGetTime() talks to guest agent and is allowed on RO connection.

So what about the following change instead?

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index e5af933..95b797a 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11545,7 +11545,8 @@ virDomainInterfaceAddresses(virDomainPtr dom,
     if (ifaces)
         *ifaces = NULL;
     virCheckDomainReturn(dom, -1);
-    virCheckNonNullArgGoto(ifaces, error);
+    if (source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT)
+        virCheckNonNullArgGoto(ifaces, error);
 
     if (dom->conn->driver->domainInterfaceAddresses) {
         int ret;


Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]